Vulnerability-Lookup

vendor-advisory

Impacted products

Vendor

Product

Version

AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics

Affected: various

AMD	AMD Ryzen™ 7000 Series Desktop Processor	Affected: Various
AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics	Affected: various
AMD	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics	Affected: various
AMD	AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics	Affected: various
AMD	AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics	Affected: various
AMD	AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics	Affected: various
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics	Affected: various
AMD	AMD Ryzen™ 7045 Series Mobile Processors	Affected: various
AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics	Affected: various
AMD	AMD Ryzen™ Embedded V2000	Affected: various
AMD	AMD Ryzen™ Embedded V3000	Affected: various
AMD	AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics	Affected: various
AMD	AMD Ryzen™ 7035 Series Mobile Processors with Radeon™ Graphics	Affected: various
AMD	AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 4.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-20579",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-14T15:53:23.792810Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-284",
                "description": "CWE-284 Improper Access Control",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-14T17:21:09.724Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:36.910Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processor ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "Various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7045 Series Mobile Processors ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7035 Series Mobile Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "datePublic": "2024-02-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper\nAccess Control in the AMD SPI protection feature may allow a user with Ring0\n(kernel mode) privileged access to bypass protections potentially resulting in\nloss of integrity and availability.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "Improper\nAccess Control in the AMD SPI protection feature may allow a user with Ring0\n(kernel mode) privileged access to bypass protections potentially resulting in\nloss of integrity and availability.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-13T19:32:11.904Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009"
        }
      ],
      "source": {
        "advisory": "AMD-SB-7009",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20579",
    "datePublished": "2024-02-13T19:32:11.904Z",
    "dateReserved": "2022-10-27T18:53:39.757Z",
    "dateUpdated": "2025-03-14T17:21:09.724Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20596 (GCVE-0-2023-20596)

Vulnerability from nvd – Published: 2023-11-14 18:55 – Updated: 2024-08-02 09:05

Summary

Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution.

Severity ?

No CVSS data available.

Assigner

AMD

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Formerly codenamed “Cezanne” AM4

Affected: various

AMD	Ryzen™ 7000 Series Desktop Processors with Radeon™ Graphics Formerly codenamed “Raphael”	Affected: various
AMD	Ryzen™ 7000 Series Desktop Processors with Radeon™ Graphics Formerly codenamed “Raphael” X3D	Affected: various
AMD	Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”	Affected: various
AMD	AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"	Affected: various
AMD	AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”	Affected: various
AMD	Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics Formerly codenamed “Phoenix”	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:36.288Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7011"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics Formerly codenamed \u201cCezanne\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7000 Series  Desktop Processors  with Radeon\u2122 Graphics Formerly codenamed \u201cRaphael\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7000 Series Desktop Processors with Radeon\u2122 Graphics Formerly codenamed \u201cRaphael\u201d X3D",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics \"Rembrandt\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics \u201cRembrandt-R\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics Formerly codenamed \u201cPhoenix\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-11-14T17:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-14T18:55:14.665Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7011"
        }
      ],
      "source": {
        "advisory": "AMD-SB-7011",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20596",
    "datePublished": "2023-11-14T18:55:14.665Z",
    "dateReserved": "2022-10-27T18:53:39.763Z",
    "dateUpdated": "2024-08-02T09:05:36.288Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20571 (GCVE-0-2023-20571)

Vulnerability from nvd – Published: 2023-11-14 18:55 – Updated: 2024-08-02 09:05

Summary

A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation.

Severity ?

No CVSS data available.

Assigner

AMD

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”

Affected: various

AMD	Ryzen™ 7000 Series Desktop Processors “Raphael” XD3	Affected: various
AMD	Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”	Affected: various
AMD	AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"	Affected: various
AMD	AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”	Affected: various
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”	Affected: various
AMD	AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”	Affected: various
AMD	Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics “Phoenix” FP7/FP7r2/FP8	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:45.850Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7000 Series Desktop Processors \u201cRaphael\u201d XD3",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics \"Rembrandt\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics \u201cRembrandt-R\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics  \u201cBarcelo\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": " Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics \u201cPhoenix\u201d FP7/FP7r2/FP8",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-11-14T17:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation.\n\n\n\n\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation.\n\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-14T18:55:02.307Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4002",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20571",
    "datePublished": "2023-11-14T18:55:02.307Z",
    "dateReserved": "2022-10-27T18:53:39.755Z",
    "dateUpdated": "2024-08-02T09:05:45.850Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20565 (GCVE-0-2023-20565)

Vulnerability from nvd – Published: 2023-11-14 18:54 – Updated: 2024-08-02 09:05

Summary

Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.

Severity ?

No CVSS data available.

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/corporate/product-security…	vendor-advisory
	https://www.amd.com/en/corporate/product-security…	vendor-advisory

Impacted products

Vendor

Product

Version

Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”

Affected: various

AMD	Ryzen™ 7000 Series Desktop Processors “Raphael” XD3	Affected: various
AMD	AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"	Affected: various
AMD	AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”	Affected: various
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”	Affected: various
AMD	AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”	Affected: various
AMD	Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics “Phoenix” FP7/FP7r2/FP8	Affected: various
AMD	AMD Ryzen™ Embedded V3000	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:45.856Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7000 Series Desktop Processors \u201cRaphael\u201d XD3",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics \"Rembrandt\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics \u201cRembrandt-R\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics  \u201cBarcelo\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": " Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics \u201cPhoenix\u201d FP7/FP7r2/FP8",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-11-14T17:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.\n\n\n\n\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.\n\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-13T19:27:26.573Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4002, AMD-SB-5001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20565",
    "datePublished": "2023-11-14T18:54:51.738Z",
    "dateReserved": "2022-10-27T18:53:39.752Z",
    "dateUpdated": "2024-08-02T09:05:45.856Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20563 (GCVE-0-2023-20563)

Vulnerability from nvd – Published: 2023-11-14 18:54 – Updated: 2024-10-22 13:44

Summary

Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-noinfo Not enough information

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/corporate/product-security…	vendor-advisory
	https://www.amd.com/en/corporate/product-security…	vendor-advisory

Impacted products

Vendor

Product

Version

Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”

Affected: various

AMD	Ryzen™ 7000 Series Desktop Processors “Raphael” XD3	Affected: various
AMD	Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”	Affected: various
AMD	AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"	Affected: various
AMD	AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”	Affected: various
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”	Affected: various
AMD	AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”	Affected: various
AMD	Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics “Phoenix” FP7/FP7r2/FP8	Affected: various
AMD	AMD Ryzen™ Embedded R1000	Affected: various
AMD	AMD Ryzen™ Embedded R2000	Affected: various
AMD	AMD Ryzen™ Embedded 5000	Affected: various
AMD	AMD Ryzen™ Embedded V3000	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:45.851Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:amd:ryzen_5000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_5000_series_desktop_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "ComboAM4V2 1.2.0.B *(2023-08-25)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:ryzen_7000_series_desktop_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_7000_series_desktop_processors",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "ComboAM5 1.0.7.0 (2023-04-18)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:ryzen_5000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_5000_series_mobile_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "CezannePI-FP6 1.0.0.F (2023-06-20)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:ryzen_6000_series_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_6000_series_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "RembrandtPI-FP7 1.0.0.9 (2023-05-16)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:ryzen_7035_series_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_7035_series_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "RembrandtPI-FP7 1.0.0.9 (2023-05-16)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:ryzen_5000_series_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_5000_series_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "CezannePI-FP6 1.0.0.F (2023-06-20)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:ryzen_7030_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_7030_series_mobile_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "CezannePI-FP6 1.0.0.F (2023-06-20)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:ryzen_7040_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_7040_series_mobile_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "PhoenixPI-FP8-FP7 PI 1.0.0.1g (2023-05-11)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:ryzen_embedded_r1000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_embedded_r1000",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "EmbeddedPI-FP5 1.2.0.A (2023-07-31)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:ryzen_embedded_r2000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_embedded_r2000",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "EmbeddedPI-FP5 1.0.0.2 (2023-07-31)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:ryzen_embedded_5000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_embedded_5000",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "EmbAM4PI 1.0.0.3 (2023-07-31)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_embedded_v3000",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "EmbeddedPI-FP7r2 1.0.0.6 (2023-09-15)"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-20563",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-15T17:15:29.685693Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:44:05.548Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7000 Series Desktop Processors \u201cRaphael\u201d XD3",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics \"Rembrandt\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics \u201cRembrandt-R\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics  \u201cBarcelo\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics \u201cPhoenix\u201d FP7/FP7r2/FP8",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122  Embedded R1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122  Embedded R2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122  Embedded 5000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122  Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-11-14T17:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.\n\n\n\n\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.\n\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-13T19:27:18.318Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4002, AMD-SB-5001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20563",
    "datePublished": "2023-11-14T18:54:41.308Z",
    "dateReserved": "2022-10-27T18:53:39.747Z",
    "dateUpdated": "2024-10-22T13:44:05.548Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-23821 (GCVE-0-2022-23821)

Vulnerability from nvd – Published: 2023-11-14 18:54 – Updated: 2024-12-03 14:26

Summary

Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.

Severity ?

No CVSS data available.

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/corporate/product-security…	vendor-advisory
	https://www.amd.com/en/corporate/product-security…	vendor-advisory

Impacted products

Vendor

Product

Version

Ryzen™ 3000 Series Desktop Processors “Matisse”

Affected: various

AMD	Ryzen™ 5000 Series Desktop Processors “Vermeer”	Affected: various
AMD	Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”	Affected: various
AMD	Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4	Affected: various
AMD	Ryzen™ Threadripper™ 2000 Series Processors “Colfax”	Affected: various
AMD	Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT	Affected: various
AMD	Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3	Affected: various
AMD	Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS	Affected: various
AMD	Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” FP5	Affected: various
AMD	Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”	Affected: various
AMD	Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics “Picasso” FP5	Affected: various
AMD	Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6	Affected: various
AMD	Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”	Affected: various
AMD	Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4	Affected: various
AMD	Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”	Affected: various
AMD	AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"	Affected: various
AMD	AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”	Affected: various
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”	Affected: various
AMD	AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”	Affected: various
AMD	AMD Ryzen™ Embedded R1000	Affected: various
AMD	AMD Ryzen™ Embedded R2000	Affected: various
AMD	AMD Ryzen™ Embedded 5000	Affected: various
AMD	AMD Ryzen™ Embedded V1000	Affected: various
AMD	AMD Ryzen™ Embedded V2000	Affected: various
AMD	AMD Ryzen™ Embedded V3000	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:51:46.017Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-23821",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-12-05T20:28:42.236096Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-03T14:26:05.643Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics \u201cPicasso\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 2000 Series Processors \u201cColfax\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors  \u201cChagall\u201d WS",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d FP5",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics   \u201cPollock\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics \u201cPicasso\u201d FP5",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d FP6",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics \u201cPicasso\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics \"Rembrandt\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics \u201cRembrandt-R\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics  \u201cBarcelo\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122  Embedded R1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122  Embedded R2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122  Embedded 5000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122  Embedded V1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122  Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122  Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "datePublic": "2023-11-14T17:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-13T19:26:03.900Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4002, AMD-SB-5001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2022-23821",
    "datePublished": "2023-11-14T18:54:32.952Z",
    "dateReserved": "2022-01-21T17:20:55.779Z",
    "dateUpdated": "2024-12-03T14:26:05.643Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-23820 (GCVE-0-2022-23820)

Vulnerability from nvd – Published: 2023-11-14 18:52 – Updated: 2024-08-03 03:51

Summary

Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/corporate/product-security…	vendor-advisory
	https://www.amd.com/en/corporate/product-security…	vendor-advisory
	https://www.amd.com/en/corporate/product-security…	vendor-advisory

Impacted products

Vendor

Product

Version

Ryzen™ 3000 series Desktop Processors “Matisse"

Affected: various

AMD	AMD Ryzen™ 5000 Series Desktop Processors “Vermeer”	Affected: various
AMD	AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”	Affected: various
AMD	AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4	Affected: various
AMD	AMD Ryzen™ Threadripper™ 2000 Series Processors “Colfax”	Affected: Various
AMD	AMD Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT	Affected: various
AMD	AMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3	Affected: various
AMD	AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS	Affected: various
AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”	Affected: various
AMD	AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics “Picasso” FP5	Affected: various
AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6	Affected: various
AMD	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”	Affected: various
AMD	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”	Affected: various
AMD	AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"	Affected: various
AMD	AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”	Affected: various
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”	Affected: various
AMD	AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”	Affected: various
AMD	3rd Gen AMD EPYC™ Processors	Affected: various
AMD	AMD EPYC™ Embedded 7003	Affected: various
AMD	AMD EPYC™ Embedded 7003	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:51:46.067Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 series Desktop Processors \u201cMatisse\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics \u201cPicasso\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 Threadripper\u2122 2000 Series Processors \u201cColfax\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "Various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors  \u201cChagall\u201d WS",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics   \u201cPollock\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics \u201cPicasso\u201d FP5",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d FP6",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics \"Rembrandt\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics \u201cRembrandt-R\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics  \u201cBarcelo\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD EPYC\u2122 Embedded 7003",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD EPYC\u2122 Embedded 7003",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "datePublic": "2023-11-14T17:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Failure to validate the AMD SMM communication buffer\nmay allow an attacker to corrupt the SMRAM potentially leading to arbitrary\ncode execution.\n\n\n\n\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "Failure to validate the AMD SMM communication buffer\nmay allow an attacker to corrupt the SMRAM potentially leading to arbitrary\ncode execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-18T18:28:41.324Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2022-23820",
    "datePublished": "2023-11-14T18:52:21.457Z",
    "dateReserved": "2022-01-21T17:20:55.778Z",
    "dateUpdated": "2024-08-03T03:51:46.067Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-46758 (GCVE-0-2021-46758)

Vulnerability from nvd – Published: 2023-11-14 18:54 – Updated: 2024-08-04 05:17

Summary

Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity.

Severity ?

No CVSS data available.

Assigner

AMD

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”

Affected: various

AMD	Ryzen™ 7000 Series Desktop Processors “Raphael” XD3	Affected: various
AMD	Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6	Affected: various
AMD	Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”	Affected: various
AMD	Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”	Affected: various
AMD	AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"	Affected: various
AMD	AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”	Affected: various
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”	Affected: various
AMD	AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.665Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7000 Series Desktop Processors \u201cRaphael\u201d XD3",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d FP6",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics \"Rembrandt\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics \u201cRembrandt-R\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics  \u201cBarcelo\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-11-14T17:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity.\n\n\n\n\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity.\n\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-14T18:54:25.467Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4002",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-46758",
    "datePublished": "2023-11-14T18:54:25.467Z",
    "dateReserved": "2022-03-31T16:50:27.869Z",
    "dateUpdated": "2024-08-04T05:17:42.665Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20589 (GCVE-0-2023-20589)

Vulnerability from nvd – Published: 2023-08-08 17:04 – Updated: 2024-11-13 15:59

Title

fTPM Voltage Fault Injection

Summary

An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.

Severity ?

No CVSS data available.

CWE

CWE-noinfo Not enough information

Assigner

AMD

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Affected: various

AMD	Ryzen™ PRO 3000 Series Desktop Processors	Affected: various
AMD	Ryzen™ 3000 Series Desktop Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ PRO 3000 Series Processors with Radeon™ Vega Graphics	Affected: various
AMD	Athlon™ 3000 Series Processors with Radeon™ Graphics	Affected: various
AMD	Athlon™ PRO 3000 Series Processors with Radeon™ Vega Graphics	Affected: various
AMD	Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ PRO 4000 Series Desktop Processors	Affected: various
AMD	Ryzen™ 5000 Series Desktop Processors	Affected: various
AMD	Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics	Affected: various
	Ryzen™ PRO 5000 Series Desktop Processors	Affected: various
AMD	Ryzen™ Threadripper™ 2000 Series Processors	Affected: various
AMD	Ryzen™ Threadripper™ 5000 Series Processors	Affected: various
AMD	Ryzen™ Threadripper™ 3000 Series Processors	Affected: various
AMD	Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ 5000 Series Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ PRO 5000 Series Processors	Affected: various
AMD	Ryzen™ 6000 Series Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ PRO 6000 Series Processors	Affected: various
AMD	Ryzen™ 7020 Series Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ 7030 Series Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ PRO 7030 Series Processors	Affected: various
AMD	Ryzen™ 7035 Series Processors with Radeon™ Graphics	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:36.262Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4005"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20589",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-13T15:54:27.796904Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-13T15:59:15.464Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 4000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processors ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 5000 Series Desktop Processors",
          "vendor": " ",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 2000 Series Processors ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": " Ryzen\u2122 Threadripper\u2122 5000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 5000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 6000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7030 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 7030 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-08-08T16:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "value": "\nAn attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.\u00a0\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-08T17:04:17.854Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4005"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4005",
        "discovery": "UNKNOWN"
      },
      "title": "fTPM Voltage Fault Injection ",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20589",
    "datePublished": "2023-08-08T17:04:17.854Z",
    "dateReserved": "2022-10-27T18:53:39.760Z",
    "dateUpdated": "2024-11-13T15:59:15.464Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20569 (GCVE-0-2023-20569)

Vulnerability from nvd – Published: 2023-08-08 17:02 – Updated: 2024-09-23 03:18

Summary

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.

Severity ?

No CVSS data available.

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/corporate/product-security…	vendor-advisory
	http://xenbits.xen.org/xsa/advisory-434.html
	http://www.openwall.com/lists/oss-security/2023/08/08/4
	https://comsec.ethz.ch/research/microarch/inception/
	https://lists.fedoraproject.org/archives/list/pac…
	https://lists.fedoraproject.org/archives/list/pac…
	https://lists.debian.org/debian-lts-announce/2023…
	https://www.debian.org/security/2023/dsa-5475
	https://lists.fedoraproject.org/archives/list/pac…
	https://lists.fedoraproject.org/archives/list/pac…
	https://security.netapp.com/advisory/ntap-2024060…

Impacted products

Vendor

Product

Version

Affected: various

AMD	Ryzen™ PRO 3000 Series Desktop Processors	Affected: various
AMD	Ryzen™ 3000 Series Desktop Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ PRO 3000 Series Processors with Radeon™ Vega Graphics	Affected: various
AMD	Athlon™ 3000 Series Processors with Radeon™ Graphics	Affected: various
AMD	Athlon™ PRO 3000 Series Processors with Radeon™ Vega Graphics	Affected: various
AMD	Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ PRO 4000 Series Desktop Processors	Affected: various
AMD	Ryzen™ 5000 Series Desktop Processors	Affected: various
AMD	Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics	Affected: various
	Ryzen™ PRO 5000 Series Desktop Processors	Affected: various
AMD	Ryzen™ Threadripper™ 2000 Series Processors	Affected: various
AMD	Ryzen™ Threadripper™ 5000 Series Processors	Affected: various
AMD	Ryzen™ Threadripper™ 3000 Series Processors	Affected: various
AMD	Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ 5000 Series Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ PRO 5000 Series Processors	Affected: various
AMD	Ryzen™ 6000 Series Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ PRO 6000 Series Processors	Affected: various
AMD	Ryzen™ 7040 Series Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ 7000 Series Processors	Affected: various
AMD	Ryzen™ 7000 Series Processors with Radeon™ Graphics	Affected: various
AMD	1st Gen AMD EPYC™ Processors	Affected: various
AMD	2nd Gen AMD EPYC™ Processors	Affected: various
AMD	3rd Gen AMD EPYC™ Processors	Affected: various
AMD	4th Gen AMD EPYC™ Processors	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-09-23T03:18:32.598Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.html"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7005"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-434.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/08/08/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://comsec.ethz.ch/research/microarch/inception/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4E4TZNMLYL2KETY23IPA43QXFAVJ46V/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKK3IA63LSKM4EC3TN4UM6DDEIOWEQIG/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5475"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240605-0006/"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 4000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processors ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 5000 Series Desktop Processors",
          "vendor": " ",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 2000 Series Processors ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": " Ryzen\u2122 Threadripper\u2122 5000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 5000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 6000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": " 1st Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD ",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "2nd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD EPYC\u2122  Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "4th Gen AMD EPYC\u2122  Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-08-08T16:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA side channel vulnerability on some \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eof the \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAMD CPUs may allow an attacker to influence \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethe \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ereturn address prediction\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. This may\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e result in speculative execution at an attacker-controlled\u202f\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eaddress\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, potentially leading to information disclosure.\u003c/span\u003e\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "value": "\n\n\nA side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled\u202faddress, potentially leading to information disclosure.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-08T17:02:11.318Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7005"
        },
        {
          "url": "http://xenbits.xen.org/xsa/advisory-434.html"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/08/08/4"
        },
        {
          "url": "https://comsec.ethz.ch/research/microarch/inception/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4E4TZNMLYL2KETY23IPA43QXFAVJ46V/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKK3IA63LSKM4EC3TN4UM6DDEIOWEQIG/"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5475"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240605-0006/"
        }
      ],
      "source": {
        "advisory": "AMD-SB-7005",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20569",
    "datePublished": "2023-08-08T17:02:11.318Z",
    "dateReserved": "2022-10-27T18:53:39.754Z",
    "dateUpdated": "2024-09-23T03:18:32.598Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20555 (GCVE-0-2023-20555)

Vulnerability from nvd – Published: 2023-08-08 17:07 – Updated: 2024-10-24 14:36

Summary

Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM.

Severity ?

No CVSS data available.

Assigner

AMD

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Ryzen™ 3000 Series Desktop Processors “Matisse” AM4

Affected: various

AMD	Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4	Affected: various
AMD	Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne” AM4	Affected: various
AMD	Ryzen™ 7000 Series Processors “Raphael”	Affected: various
AMD	Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso”	Affected: various
AMD	Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics “Renoir” FP5	Affected: various
AMD	Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” FP5	Affected: various
AMD	Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”	Affected: various
AMD	Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Picasso”	Affected: various
AMD	Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6	Affected: various
AMD	Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”	Affected: various
AMD	Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”	Affected: various
AMD	Ryzen™ 6000 Series Mobile Processors "Rembrandt"	Affected: various
AMD	Ryzen™ 7030 Series Mobile Processors “Barcelo”	Affected: various
AMD	Ryzen™ 7020 Series Mobile Processors “Mendocino”	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:36.881Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4003"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_3000_series_desktop_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_3000_series_desktop_processors",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "V1-1.0.0.A"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_5000_series_desktop_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_5000_series_desktop_processors",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "V2-PI_1.2.0.A"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:ryzen_7000_series_desktop_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_7000_series_desktop_processors",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "1.0.0.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:athlon_3000g:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "athlon_3000g",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "1.0.0.A"
              },
              {
                "status": "affected",
                "version": "1.2.0.A"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_4000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_4000_series_desktop_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "1.2.0.A"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20555",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-24T14:30:24.857101Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-24T14:36:35.845Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  \u201cCezanne\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7000 Series Processors \u201cRaphael\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics \u201cPicasso\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics \u201cRenoir\u201d FP5",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d FP5",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics   \u201cPollock\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cPicasso\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d FP6",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 6000 Series Mobile Processors  \"Rembrandt\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7030 Series Mobile Processors \u201cBarcelo\u201d ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7020 Series Mobile Processors \u201cMendocino\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-08-08T16:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient input validation in\nCpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting\nan arbitrary bit in an attacker-controlled pointer potentially leading to\narbitrary code execution in SMM.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "value": "Insufficient input validation in\nCpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting\nan arbitrary bit in an attacker-controlled pointer potentially leading to\narbitrary code execution in SMM.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-08T17:07:24.476Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4003"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4003",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20555",
    "datePublished": "2023-08-08T17:07:24.476Z",
    "dateReserved": "2022-10-27T18:53:39.746Z",
    "dateUpdated": "2024-10-24T14:36:35.845Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-26354 (GCVE-0-2021-26354)

Vulnerability from nvd – Published: 2023-05-09 18:58 – Updated: 2025-01-28 15:50

Summary

Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/corporate/product-security…	vendor-advisory
	https://www.amd.com/en/corporate/product-security…	vendor-advisory

Impacted products

Vendor

Product

Version

Ryzen™ 2000 series Desktop Processors “Raven Ridge” AM4

Affected: various

AMD	Ryzen™ 2000 Series Desktop Processors “Pinnacle Ridge”	Affected: various
AMD	Ryzen™ 3000 Series Desktop Processors “Matisse” AM4	Affected: various
AMD	AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4	Affected: various
AMD	Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics “Cezanne” AM4	Affected: Various
AMD	2nd Gen AMD Ryzen™ Threadripper™ Processors “Colfax”	Affected: various
AMD	3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT	Affected: various
AMD	Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS	Affected: various
AMD	Ryzen™ Threadripper™ PRO Processors “Chagall” WS	Affected: various
AMD	Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULP	Affected: various
AMD	Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”	Affected: various
AMD	Ryzen™ 2000 Series Mobile Processors “Raven Ridge” FP5	Affected: various
AMD	Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso”	Affected: various
AMD	Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir”	Affected: various
AMD	Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”	Affected: various
AMD	Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics “Cezanne”	Affected: various
AMD	2nd Gen AMD EPYC™ Processors	Affected: various
AMD	3rd Gen AMD EPYC™ Processors	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:26:25.140Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-26354",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-28T15:50:31.473767Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-120",
                "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-28T15:50:35.057Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 2000 series Desktop Processors \u201cRaven Ridge\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 2000 Series Desktop Processors \u201cPinnacle Ridge\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics  \u201cCezanne\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "Various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cColfax\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cChagall\u201d WS",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d ULP",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics   \u201cPollock\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 2000 Series Mobile Processors \u201cRaven Ridge\u201d FP5",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Mobile processor, 2nd Gen AMD Ryzen\u2122 Mobile Processors with Radeon\u2122 Graphics \u201cPicasso\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "2nd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-05-09T16:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient bounds checking in ASP may allow an\nattacker to issue a system call from a compromised ABL which may cause\narbitrary memory values to be initialized to zero, potentially leading to a\nloss of integrity.\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "Insufficient bounds checking in ASP may allow an\nattacker to issue a system call from a compromised ABL which may cause\narbitrary memory values to be initialized to zero, potentially leading to a\nloss of integrity.\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-09T18:58:37.664Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4001, AMD-SB-3001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-26354",
    "datePublished": "2023-05-09T18:58:37.664Z",
    "dateReserved": "2021-01-29T21:24:26.148Z",
    "dateUpdated": "2025-01-28T15:50:35.057Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20559 (GCVE-0-2023-20559)

Vulnerability from nvd – Published: 2023-03-23 18:49 – Updated: 2025-02-25 16:43

Summary

Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

n/a

Assigner

AMD

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Affected: various

AMD	Ryzen™ 3000 Series	Affected: various
AMD	Ryzen™ 4000 Series	Affected: various
AMD	Ryzen™ 5000 Series	Affected: various
AMD	2nd Gen AMD Ryzen™ Threadripper™ Processor	Affected: Various
AMD	3rd Gen AMD Ryzen™ Threadripper™ Processors	Affected: various
AMD	Ryzen™ Threadripper™ PRO Processor	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:36.254Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-20559",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-25T16:43:46.344707Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-691",
                "description": "CWE-691 Insufficient Control Flow Management",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-25T16:43:49.632Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 2000 Series ",
          "vendor": " AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series",
          "vendor": " AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 4000 Series",
          "vendor": " AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processor",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "Various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": " Ryzen\u2122 Threadripper\u2122 PRO Processor",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "datePublic": "2023-03-23T18:33:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eInsufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
            }
          ],
          "value": "\n\n\nInsufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.\n\n\n\n"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-02T18:49:20.069Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
        }
      ],
      "source": {
        "advisory": "amd-sb-1027",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20559",
    "datePublished": "2023-03-23T18:49:41.533Z",
    "dateReserved": "2022-10-27T18:53:39.746Z",
    "dateUpdated": "2025-02-25T16:43:49.632Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20558 (GCVE-0-2023-20558)

Vulnerability from nvd – Published: 2023-03-23 18:50 – Updated: 2025-02-20 19:23

Summary

Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

n/a

Assigner

AMD

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Affected: various

AMD	Ryzen™ 3000 Series	Affected: various
AMD	Ryzen™ 4000 Series	Affected: various
AMD	Ryzen™ 5000 Series	Affected: various
AMD	2nd Gen AMD Ryzen™ Threadripper™ Processor	Affected: Various
AMD	3rd Gen AMD Ryzen™ Threadripper™ Processors	Affected: various
AMD	Ryzen™ Threadripper™ PRO Processor	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:36.894Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-20558",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-20T19:20:00.856473Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-670",
                "description": "CWE-670 Always-Incorrect Control Flow Implementation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-20T19:23:58.341Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 2000 Series ",
          "vendor": " AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series",
          "vendor": " AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 4000 Series",
          "vendor": " AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processor",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "Various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": " Ryzen\u2122 Threadripper\u2122 PRO Processor",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "datePublic": "2023-03-23T18:33:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eInsufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nInsufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.\n\n"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-02T18:49:20.069Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
        }
      ],
      "source": {
        "advisory": "amd-sb-1027",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20558",
    "datePublished": "2023-03-23T18:50:11.488Z",
    "dateReserved": "2022-10-27T18:53:39.746Z",
    "dateUpdated": "2025-02-20T19:23:58.341Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-27672 (GCVE-0-2022-27672)

Vulnerability from nvd – Published: 2023-02-14 19:34 – Updated: 2024-08-03 05:32

Summary

When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/corporate/product-security…	vendor-advisory
	https://security.gentoo.org/glsa/202402-07

Impacted products

Vendor

Product

Version

1st Gen AMD EPYC™ Processors

Affected:

AMD	2nd Gen AMD EPYC™ Processors	Affected:
AMD	Athlon™ X4 Processor	Affected:
AMD	Ryzen™ Threadripper™ PRO Processor	Affected:
AMD	2nd Gen AMD Ryzen™ Threadripper™ Processors	Affected:
AMD	3rd Gen AMD Ryzen™ Threadripper™ Processors	Affected:
AMD	7th Generation AMD A-Series APUs	Affected:
AMD	Ryzen™ 2000 Series Processors	Affected:
AMD	Ryzen™ 3000 Series Processors	Affected:
AMD	Ryzen™ 4000 Series Processors	Affected:
AMD	Ryzen™ 5000 Series Processors	Affected:
AMD	Athlon™ Mobile Processors	Affected:

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:32:59.968Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://xenbits.xen.org/xsa/advisory-426.html"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1045"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202402-07"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "1st Gen AMD EPYC\u2122 Processors",
          "vendor": " AMD",
          "versions": [
            {
              "status": "affected",
              "version": " "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "2nd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": " "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 X4 Processor",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": " "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO Processor",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": " "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": " "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors",
          "vendor": "AMD ",
          "versions": [
            {
              "status": "affected",
              "version": " "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "7th Generation AMD A-Series APUs",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": " "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 2000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": " "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": " "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 4000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": " "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": " "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 Mobile Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": " "
            }
          ]
        }
      ],
      "datePublic": "2023-02-14T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nWhen SMT is enabled, certain AMD processors may speculatively execute instructions using a target\nfrom the sibling thread after an SMT mode switch potentially resulting in information disclosure.\n\n\n"
            }
          ],
          "value": "\nWhen SMT is enabled, certain AMD processors may speculatively execute instructions using a target\nfrom the sibling thread after an SMT mode switch potentially resulting in information disclosure.\n\n\n"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-01T05:44:22.188214Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1045"
        },
        {
          "url": "https://security.gentoo.org/glsa/202402-07"
        }
      ],
      "source": {
        "advisory": "\u202f\u202fAMD-SB-1045",
        "discovery": "INTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2022-27672",
    "datePublished": "2023-02-14T19:34:54.028Z",
    "dateReserved": "2022-03-23T14:57:22.754Z",
    "dateUpdated": "2024-08-03T05:32:59.968Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20579 (GCVE-0-2023-20579)

Vulnerability from cvelistv5 – Published: 2024-02-13 19:32 – Updated: 2025-03-14 17:21

Summary

Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability.

Severity ?

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-284 - Improper Access Control

Assigner

AMD

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics

Affected: various

AMD	AMD Ryzen™ 7000 Series Desktop Processor	Affected: Various
AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics	Affected: various
AMD	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics	Affected: various
AMD	AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics	Affected: various
AMD	AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics	Affected: various
AMD	AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics	Affected: various
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics	Affected: various
AMD	AMD Ryzen™ 7045 Series Mobile Processors	Affected: various
AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics	Affected: various
AMD	AMD Ryzen™ Embedded V2000	Affected: various
AMD	AMD Ryzen™ Embedded V3000	Affected: various
AMD	AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics	Affected: various
AMD	AMD Ryzen™ 7035 Series Mobile Processors with Radeon™ Graphics	Affected: various
AMD	AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 4.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-20579",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-14T15:53:23.792810Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-284",
                "description": "CWE-284 Improper Access Control",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-14T17:21:09.724Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:36.910Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processor ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "Various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7045 Series Mobile Processors ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7035 Series Mobile Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "datePublic": "2024-02-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper\nAccess Control in the AMD SPI protection feature may allow a user with Ring0\n(kernel mode) privileged access to bypass protections potentially resulting in\nloss of integrity and availability.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "Improper\nAccess Control in the AMD SPI protection feature may allow a user with Ring0\n(kernel mode) privileged access to bypass protections potentially resulting in\nloss of integrity and availability.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-13T19:32:11.904Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009"
        }
      ],
      "source": {
        "advisory": "AMD-SB-7009",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20579",
    "datePublished": "2024-02-13T19:32:11.904Z",
    "dateReserved": "2022-10-27T18:53:39.757Z",
    "dateUpdated": "2025-03-14T17:21:09.724Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20596 (GCVE-0-2023-20596)

Vulnerability from cvelistv5 – Published: 2023-11-14 18:55 – Updated: 2024-08-02 09:05

Summary

Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution.

Severity ?

No CVSS data available.

Assigner

AMD

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Formerly codenamed “Cezanne” AM4

Affected: various

AMD	Ryzen™ 7000 Series Desktop Processors with Radeon™ Graphics Formerly codenamed “Raphael”	Affected: various
AMD	Ryzen™ 7000 Series Desktop Processors with Radeon™ Graphics Formerly codenamed “Raphael” X3D	Affected: various
AMD	Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”	Affected: various
AMD	AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"	Affected: various
AMD	AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”	Affected: various
AMD	Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics Formerly codenamed “Phoenix”	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:36.288Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7011"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics Formerly codenamed \u201cCezanne\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7000 Series  Desktop Processors  with Radeon\u2122 Graphics Formerly codenamed \u201cRaphael\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7000 Series Desktop Processors with Radeon\u2122 Graphics Formerly codenamed \u201cRaphael\u201d X3D",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics \"Rembrandt\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics \u201cRembrandt-R\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics Formerly codenamed \u201cPhoenix\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-11-14T17:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-14T18:55:14.665Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7011"
        }
      ],
      "source": {
        "advisory": "AMD-SB-7011",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20596",
    "datePublished": "2023-11-14T18:55:14.665Z",
    "dateReserved": "2022-10-27T18:53:39.763Z",
    "dateUpdated": "2024-08-02T09:05:36.288Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20571 (GCVE-0-2023-20571)

Vulnerability from cvelistv5 – Published: 2023-11-14 18:55 – Updated: 2024-08-02 09:05

Summary

A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation.

Severity ?

No CVSS data available.

Assigner

AMD

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”

Affected: various

AMD	Ryzen™ 7000 Series Desktop Processors “Raphael” XD3	Affected: various
AMD	Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”	Affected: various
AMD	AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"	Affected: various
AMD	AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”	Affected: various
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”	Affected: various
AMD	AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”	Affected: various
AMD	Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics “Phoenix” FP7/FP7r2/FP8	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:45.850Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7000 Series Desktop Processors \u201cRaphael\u201d XD3",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics \"Rembrandt\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics \u201cRembrandt-R\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics  \u201cBarcelo\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": " Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics \u201cPhoenix\u201d FP7/FP7r2/FP8",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-11-14T17:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation.\n\n\n\n\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation.\n\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-14T18:55:02.307Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4002",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20571",
    "datePublished": "2023-11-14T18:55:02.307Z",
    "dateReserved": "2022-10-27T18:53:39.755Z",
    "dateUpdated": "2024-08-02T09:05:45.850Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20565 (GCVE-0-2023-20565)

Vulnerability from cvelistv5 – Published: 2023-11-14 18:54 – Updated: 2024-08-02 09:05

Summary

Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.

Severity ?

No CVSS data available.

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/corporate/product-security…	vendor-advisory
	https://www.amd.com/en/corporate/product-security…	vendor-advisory

Impacted products

Vendor

Product

Version

Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”

Affected: various

AMD	Ryzen™ 7000 Series Desktop Processors “Raphael” XD3	Affected: various
AMD	AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"	Affected: various
AMD	AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”	Affected: various
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”	Affected: various
AMD	AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”	Affected: various
AMD	Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics “Phoenix” FP7/FP7r2/FP8	Affected: various
AMD	AMD Ryzen™ Embedded V3000	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:45.856Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7000 Series Desktop Processors \u201cRaphael\u201d XD3",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics \"Rembrandt\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics \u201cRembrandt-R\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics  \u201cBarcelo\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": " Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics \u201cPhoenix\u201d FP7/FP7r2/FP8",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-11-14T17:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.\n\n\n\n\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.\n\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-13T19:27:26.573Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4002, AMD-SB-5001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20565",
    "datePublished": "2023-11-14T18:54:51.738Z",
    "dateReserved": "2022-10-27T18:53:39.752Z",
    "dateUpdated": "2024-08-02T09:05:45.856Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20563 (GCVE-0-2023-20563)

Vulnerability from cvelistv5 – Published: 2023-11-14 18:54 – Updated: 2024-10-22 13:44

Summary

Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-noinfo Not enough information

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/corporate/product-security…	vendor-advisory
	https://www.amd.com/en/corporate/product-security…	vendor-advisory

Impacted products

Vendor

Product

Version

Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”

Affected: various

AMD	Ryzen™ 7000 Series Desktop Processors “Raphael” XD3	Affected: various
AMD	Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”	Affected: various
AMD	AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"	Affected: various
AMD	AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”	Affected: various
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”	Affected: various
AMD	AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”	Affected: various
AMD	Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics “Phoenix” FP7/FP7r2/FP8	Affected: various
AMD	AMD Ryzen™ Embedded R1000	Affected: various
AMD	AMD Ryzen™ Embedded R2000	Affected: various
AMD	AMD Ryzen™ Embedded 5000	Affected: various
AMD	AMD Ryzen™ Embedded V3000	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:45.851Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:amd:ryzen_5000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_5000_series_desktop_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "ComboAM4V2 1.2.0.B *(2023-08-25)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:ryzen_7000_series_desktop_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_7000_series_desktop_processors",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "ComboAM5 1.0.7.0 (2023-04-18)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:ryzen_5000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_5000_series_mobile_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "CezannePI-FP6 1.0.0.F (2023-06-20)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:ryzen_6000_series_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_6000_series_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "RembrandtPI-FP7 1.0.0.9 (2023-05-16)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:ryzen_7035_series_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_7035_series_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "RembrandtPI-FP7 1.0.0.9 (2023-05-16)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:ryzen_5000_series_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_5000_series_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "CezannePI-FP6 1.0.0.F (2023-06-20)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:ryzen_7030_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_7030_series_mobile_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "CezannePI-FP6 1.0.0.F (2023-06-20)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:ryzen_7040_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_7040_series_mobile_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "PhoenixPI-FP8-FP7 PI 1.0.0.1g (2023-05-11)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:ryzen_embedded_r1000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_embedded_r1000",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "EmbeddedPI-FP5 1.2.0.A (2023-07-31)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:ryzen_embedded_r2000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_embedded_r2000",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "EmbeddedPI-FP5 1.0.0.2 (2023-07-31)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:ryzen_embedded_5000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_embedded_5000",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "EmbAM4PI 1.0.0.3 (2023-07-31)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_embedded_v3000",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "EmbeddedPI-FP7r2 1.0.0.6 (2023-09-15)"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-20563",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-15T17:15:29.685693Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:44:05.548Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7000 Series Desktop Processors \u201cRaphael\u201d XD3",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics \"Rembrandt\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics \u201cRembrandt-R\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics  \u201cBarcelo\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics \u201cPhoenix\u201d FP7/FP7r2/FP8",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122  Embedded R1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122  Embedded R2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122  Embedded 5000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122  Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-11-14T17:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.\n\n\n\n\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.\n\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-13T19:27:18.318Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4002, AMD-SB-5001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20563",
    "datePublished": "2023-11-14T18:54:41.308Z",
    "dateReserved": "2022-10-27T18:53:39.747Z",
    "dateUpdated": "2024-10-22T13:44:05.548Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-23821 (GCVE-0-2022-23821)

Vulnerability from cvelistv5 – Published: 2023-11-14 18:54 – Updated: 2024-12-03 14:26

Summary

Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.

Severity ?

No CVSS data available.

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/corporate/product-security…	vendor-advisory
	https://www.amd.com/en/corporate/product-security…	vendor-advisory

Impacted products

Vendor

Product

Version

Ryzen™ 3000 Series Desktop Processors “Matisse”

Affected: various

AMD	Ryzen™ 5000 Series Desktop Processors “Vermeer”	Affected: various
AMD	Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”	Affected: various
AMD	Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4	Affected: various
AMD	Ryzen™ Threadripper™ 2000 Series Processors “Colfax”	Affected: various
AMD	Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT	Affected: various
AMD	Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3	Affected: various
AMD	Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS	Affected: various
AMD	Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” FP5	Affected: various
AMD	Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”	Affected: various
AMD	Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics “Picasso” FP5	Affected: various
AMD	Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6	Affected: various
AMD	Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”	Affected: various
AMD	Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4	Affected: various
AMD	Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”	Affected: various
AMD	AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"	Affected: various
AMD	AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”	Affected: various
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”	Affected: various
AMD	AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”	Affected: various
AMD	AMD Ryzen™ Embedded R1000	Affected: various
AMD	AMD Ryzen™ Embedded R2000	Affected: various
AMD	AMD Ryzen™ Embedded 5000	Affected: various
AMD	AMD Ryzen™ Embedded V1000	Affected: various
AMD	AMD Ryzen™ Embedded V2000	Affected: various
AMD	AMD Ryzen™ Embedded V3000	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:51:46.017Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-23821",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-12-05T20:28:42.236096Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-03T14:26:05.643Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics \u201cPicasso\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 2000 Series Processors \u201cColfax\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors  \u201cChagall\u201d WS",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d FP5",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics   \u201cPollock\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics \u201cPicasso\u201d FP5",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d FP6",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics \u201cPicasso\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics \"Rembrandt\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics \u201cRembrandt-R\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics  \u201cBarcelo\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122  Embedded R1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122  Embedded R2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122  Embedded 5000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122  Embedded V1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122  Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122  Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "datePublic": "2023-11-14T17:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-13T19:26:03.900Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4002, AMD-SB-5001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2022-23821",
    "datePublished": "2023-11-14T18:54:32.952Z",
    "dateReserved": "2022-01-21T17:20:55.779Z",
    "dateUpdated": "2024-12-03T14:26:05.643Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-46758 (GCVE-0-2021-46758)

Vulnerability from cvelistv5 – Published: 2023-11-14 18:54 – Updated: 2024-08-04 05:17

Summary

Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity.

Severity ?

No CVSS data available.

Assigner

AMD

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”

Affected: various

AMD	Ryzen™ 7000 Series Desktop Processors “Raphael” XD3	Affected: various
AMD	Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6	Affected: various
AMD	Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”	Affected: various
AMD	Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”	Affected: various
AMD	AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"	Affected: various
AMD	AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”	Affected: various
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”	Affected: various
AMD	AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.665Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7000 Series Desktop Processors \u201cRaphael\u201d XD3",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d FP6",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics \"Rembrandt\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics \u201cRembrandt-R\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics  \u201cBarcelo\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-11-14T17:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity.\n\n\n\n\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity.\n\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-14T18:54:25.467Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4002",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-46758",
    "datePublished": "2023-11-14T18:54:25.467Z",
    "dateReserved": "2022-03-31T16:50:27.869Z",
    "dateUpdated": "2024-08-04T05:17:42.665Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-23820 (GCVE-0-2022-23820)

Vulnerability from cvelistv5 – Published: 2023-11-14 18:52 – Updated: 2024-08-03 03:51

Summary

Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/corporate/product-security…	vendor-advisory
	https://www.amd.com/en/corporate/product-security…	vendor-advisory
	https://www.amd.com/en/corporate/product-security…	vendor-advisory

Impacted products

Vendor

Product

Version

Ryzen™ 3000 series Desktop Processors “Matisse"

Affected: various

AMD	AMD Ryzen™ 5000 Series Desktop Processors “Vermeer”	Affected: various
AMD	AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”	Affected: various
AMD	AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4	Affected: various
AMD	AMD Ryzen™ Threadripper™ 2000 Series Processors “Colfax”	Affected: Various
AMD	AMD Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT	Affected: various
AMD	AMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3	Affected: various
AMD	AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS	Affected: various
AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”	Affected: various
AMD	AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics “Picasso” FP5	Affected: various
AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6	Affected: various
AMD	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”	Affected: various
AMD	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”	Affected: various
AMD	AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"	Affected: various
AMD	AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”	Affected: various
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”	Affected: various
AMD	AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”	Affected: various
AMD	3rd Gen AMD EPYC™ Processors	Affected: various
AMD	AMD EPYC™ Embedded 7003	Affected: various
AMD	AMD EPYC™ Embedded 7003	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:51:46.067Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 series Desktop Processors \u201cMatisse\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics \u201cPicasso\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 Threadripper\u2122 2000 Series Processors \u201cColfax\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "Various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors  \u201cChagall\u201d WS",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics   \u201cPollock\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics \u201cPicasso\u201d FP5",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d FP6",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics \"Rembrandt\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics \u201cRembrandt-R\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics  \u201cBarcelo\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD EPYC\u2122 Embedded 7003",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD EPYC\u2122 Embedded 7003",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "datePublic": "2023-11-14T17:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Failure to validate the AMD SMM communication buffer\nmay allow an attacker to corrupt the SMRAM potentially leading to arbitrary\ncode execution.\n\n\n\n\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "Failure to validate the AMD SMM communication buffer\nmay allow an attacker to corrupt the SMRAM potentially leading to arbitrary\ncode execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-18T18:28:41.324Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2022-23820",
    "datePublished": "2023-11-14T18:52:21.457Z",
    "dateReserved": "2022-01-21T17:20:55.778Z",
    "dateUpdated": "2024-08-03T03:51:46.067Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20555 (GCVE-0-2023-20555)

Vulnerability from cvelistv5 – Published: 2023-08-08 17:07 – Updated: 2024-10-24 14:36

Summary

Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM.

Severity ?

No CVSS data available.

Assigner

AMD

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Ryzen™ 3000 Series Desktop Processors “Matisse” AM4

Affected: various

AMD	Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4	Affected: various
AMD	Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne” AM4	Affected: various
AMD	Ryzen™ 7000 Series Processors “Raphael”	Affected: various
AMD	Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso”	Affected: various
AMD	Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics “Renoir” FP5	Affected: various
AMD	Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” FP5	Affected: various
AMD	Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”	Affected: various
AMD	Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Picasso”	Affected: various
AMD	Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6	Affected: various
AMD	Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”	Affected: various
AMD	Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”	Affected: various
AMD	Ryzen™ 6000 Series Mobile Processors "Rembrandt"	Affected: various
AMD	Ryzen™ 7030 Series Mobile Processors “Barcelo”	Affected: various
AMD	Ryzen™ 7020 Series Mobile Processors “Mendocino”	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:36.881Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4003"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_3000_series_desktop_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_3000_series_desktop_processors",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "V1-1.0.0.A"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_5000_series_desktop_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_5000_series_desktop_processors",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "V2-PI_1.2.0.A"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:ryzen_7000_series_desktop_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_7000_series_desktop_processors",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "1.0.0.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:athlon_3000g:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "athlon_3000g",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "1.0.0.A"
              },
              {
                "status": "affected",
                "version": "1.2.0.A"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_4000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_4000_series_desktop_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "1.2.0.A"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20555",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-24T14:30:24.857101Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-24T14:36:35.845Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  \u201cCezanne\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7000 Series Processors \u201cRaphael\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics \u201cPicasso\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics \u201cRenoir\u201d FP5",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d FP5",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics   \u201cPollock\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cPicasso\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d FP6",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 6000 Series Mobile Processors  \"Rembrandt\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7030 Series Mobile Processors \u201cBarcelo\u201d ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7020 Series Mobile Processors \u201cMendocino\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-08-08T16:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient input validation in\nCpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting\nan arbitrary bit in an attacker-controlled pointer potentially leading to\narbitrary code execution in SMM.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "value": "Insufficient input validation in\nCpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting\nan arbitrary bit in an attacker-controlled pointer potentially leading to\narbitrary code execution in SMM.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-08T17:07:24.476Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4003"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4003",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20555",
    "datePublished": "2023-08-08T17:07:24.476Z",
    "dateReserved": "2022-10-27T18:53:39.746Z",
    "dateUpdated": "2024-10-24T14:36:35.845Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20589 (GCVE-0-2023-20589)

Vulnerability from cvelistv5 – Published: 2023-08-08 17:04 – Updated: 2024-11-13 15:59

Title

fTPM Voltage Fault Injection

Summary

An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.

Severity ?

No CVSS data available.

CWE

CWE-noinfo Not enough information

Assigner

AMD

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Affected: various

AMD	Ryzen™ PRO 3000 Series Desktop Processors	Affected: various
AMD	Ryzen™ 3000 Series Desktop Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ PRO 3000 Series Processors with Radeon™ Vega Graphics	Affected: various
AMD	Athlon™ 3000 Series Processors with Radeon™ Graphics	Affected: various
AMD	Athlon™ PRO 3000 Series Processors with Radeon™ Vega Graphics	Affected: various
AMD	Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ PRO 4000 Series Desktop Processors	Affected: various
AMD	Ryzen™ 5000 Series Desktop Processors	Affected: various
AMD	Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics	Affected: various
	Ryzen™ PRO 5000 Series Desktop Processors	Affected: various
AMD	Ryzen™ Threadripper™ 2000 Series Processors	Affected: various
AMD	Ryzen™ Threadripper™ 5000 Series Processors	Affected: various
AMD	Ryzen™ Threadripper™ 3000 Series Processors	Affected: various
AMD	Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ 5000 Series Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ PRO 5000 Series Processors	Affected: various
AMD	Ryzen™ 6000 Series Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ PRO 6000 Series Processors	Affected: various
AMD	Ryzen™ 7020 Series Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ 7030 Series Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ PRO 7030 Series Processors	Affected: various
AMD	Ryzen™ 7035 Series Processors with Radeon™ Graphics	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:36.262Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4005"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20589",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-13T15:54:27.796904Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-13T15:59:15.464Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 4000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processors ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 5000 Series Desktop Processors",
          "vendor": " ",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 2000 Series Processors ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": " Ryzen\u2122 Threadripper\u2122 5000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 5000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 6000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7030 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 7030 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-08-08T16:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "value": "\nAn attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.\u00a0\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-08T17:04:17.854Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4005"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4005",
        "discovery": "UNKNOWN"
      },
      "title": "fTPM Voltage Fault Injection ",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20589",
    "datePublished": "2023-08-08T17:04:17.854Z",
    "dateReserved": "2022-10-27T18:53:39.760Z",
    "dateUpdated": "2024-11-13T15:59:15.464Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20569 (GCVE-0-2023-20569)

Vulnerability from cvelistv5 – Published: 2023-08-08 17:02 – Updated: 2024-09-23 03:18

Summary

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.

Severity ?

No CVSS data available.

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/corporate/product-security…	vendor-advisory
	http://xenbits.xen.org/xsa/advisory-434.html
	http://www.openwall.com/lists/oss-security/2023/08/08/4
	https://comsec.ethz.ch/research/microarch/inception/
	https://lists.fedoraproject.org/archives/list/pac…
	https://lists.fedoraproject.org/archives/list/pac…
	https://lists.debian.org/debian-lts-announce/2023…
	https://www.debian.org/security/2023/dsa-5475
	https://lists.fedoraproject.org/archives/list/pac…
	https://lists.fedoraproject.org/archives/list/pac…
	https://security.netapp.com/advisory/ntap-2024060…

Impacted products

Vendor

Product

Version

Affected: various

AMD	Ryzen™ PRO 3000 Series Desktop Processors	Affected: various
AMD	Ryzen™ 3000 Series Desktop Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ PRO 3000 Series Processors with Radeon™ Vega Graphics	Affected: various
AMD	Athlon™ 3000 Series Processors with Radeon™ Graphics	Affected: various
AMD	Athlon™ PRO 3000 Series Processors with Radeon™ Vega Graphics	Affected: various
AMD	Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ PRO 4000 Series Desktop Processors	Affected: various
AMD	Ryzen™ 5000 Series Desktop Processors	Affected: various
AMD	Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics	Affected: various
	Ryzen™ PRO 5000 Series Desktop Processors	Affected: various
AMD	Ryzen™ Threadripper™ 2000 Series Processors	Affected: various
AMD	Ryzen™ Threadripper™ 5000 Series Processors	Affected: various
AMD	Ryzen™ Threadripper™ 3000 Series Processors	Affected: various
AMD	Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ 5000 Series Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ PRO 5000 Series Processors	Affected: various
AMD	Ryzen™ 6000 Series Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ PRO 6000 Series Processors	Affected: various
AMD	Ryzen™ 7040 Series Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ 7000 Series Processors	Affected: various
AMD	Ryzen™ 7000 Series Processors with Radeon™ Graphics	Affected: various
AMD	1st Gen AMD EPYC™ Processors	Affected: various
AMD	2nd Gen AMD EPYC™ Processors	Affected: various
AMD	3rd Gen AMD EPYC™ Processors	Affected: various
AMD	4th Gen AMD EPYC™ Processors	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-09-23T03:18:32.598Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.html"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7005"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-434.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/08/08/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://comsec.ethz.ch/research/microarch/inception/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4E4TZNMLYL2KETY23IPA43QXFAVJ46V/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKK3IA63LSKM4EC3TN4UM6DDEIOWEQIG/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5475"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240605-0006/"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 4000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processors ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 5000 Series Desktop Processors",
          "vendor": " ",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 2000 Series Processors ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": " Ryzen\u2122 Threadripper\u2122 5000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 5000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 6000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": " 1st Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD ",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "2nd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD EPYC\u2122  Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "4th Gen AMD EPYC\u2122  Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-08-08T16:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA side channel vulnerability on some \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eof the \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAMD CPUs may allow an attacker to influence \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethe \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ereturn address prediction\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. This may\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e result in speculative execution at an attacker-controlled\u202f\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eaddress\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, potentially leading to information disclosure.\u003c/span\u003e\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "value": "\n\n\nA side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled\u202faddress, potentially leading to information disclosure.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-08T17:02:11.318Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7005"
        },
        {
          "url": "http://xenbits.xen.org/xsa/advisory-434.html"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/08/08/4"
        },
        {
          "url": "https://comsec.ethz.ch/research/microarch/inception/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4E4TZNMLYL2KETY23IPA43QXFAVJ46V/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKK3IA63LSKM4EC3TN4UM6DDEIOWEQIG/"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5475"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240605-0006/"
        }
      ],
      "source": {
        "advisory": "AMD-SB-7005",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20569",
    "datePublished": "2023-08-08T17:02:11.318Z",
    "dateReserved": "2022-10-27T18:53:39.754Z",
    "dateUpdated": "2024-09-23T03:18:32.598Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-26354 (GCVE-0-2021-26354)

Vulnerability from cvelistv5 – Published: 2023-05-09 18:58 – Updated: 2025-01-28 15:50

Summary

Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/corporate/product-security…	vendor-advisory
	https://www.amd.com/en/corporate/product-security…	vendor-advisory

Impacted products

Vendor

Product

Version

Ryzen™ 2000 series Desktop Processors “Raven Ridge” AM4

Affected: various

AMD	Ryzen™ 2000 Series Desktop Processors “Pinnacle Ridge”	Affected: various
AMD	Ryzen™ 3000 Series Desktop Processors “Matisse” AM4	Affected: various
AMD	AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4	Affected: various
AMD	Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics “Cezanne” AM4	Affected: Various
AMD	2nd Gen AMD Ryzen™ Threadripper™ Processors “Colfax”	Affected: various
AMD	3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT	Affected: various
AMD	Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS	Affected: various
AMD	Ryzen™ Threadripper™ PRO Processors “Chagall” WS	Affected: various
AMD	Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULP	Affected: various
AMD	Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”	Affected: various
AMD	Ryzen™ 2000 Series Mobile Processors “Raven Ridge” FP5	Affected: various
AMD	Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso”	Affected: various
AMD	Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir”	Affected: various
AMD	Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”	Affected: various
AMD	Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics “Cezanne”	Affected: various
AMD	2nd Gen AMD EPYC™ Processors	Affected: various
AMD	3rd Gen AMD EPYC™ Processors	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:26:25.140Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-26354",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-28T15:50:31.473767Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-120",
                "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-28T15:50:35.057Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 2000 series Desktop Processors \u201cRaven Ridge\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 2000 Series Desktop Processors \u201cPinnacle Ridge\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics  \u201cCezanne\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "Various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cColfax\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cChagall\u201d WS",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d ULP",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics   \u201cPollock\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 2000 Series Mobile Processors \u201cRaven Ridge\u201d FP5",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Mobile processor, 2nd Gen AMD Ryzen\u2122 Mobile Processors with Radeon\u2122 Graphics \u201cPicasso\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "2nd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-05-09T16:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient bounds checking in ASP may allow an\nattacker to issue a system call from a compromised ABL which may cause\narbitrary memory values to be initialized to zero, potentially leading to a\nloss of integrity.\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "Insufficient bounds checking in ASP may allow an\nattacker to issue a system call from a compromised ABL which may cause\narbitrary memory values to be initialized to zero, potentially leading to a\nloss of integrity.\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-09T18:58:37.664Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4001, AMD-SB-3001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-26354",
    "datePublished": "2023-05-09T18:58:37.664Z",
    "dateReserved": "2021-01-29T21:24:26.148Z",
    "dateUpdated": "2025-01-28T15:50:35.057Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20558 (GCVE-0-2023-20558)

Vulnerability from cvelistv5 – Published: 2023-03-23 18:50 – Updated: 2025-02-20 19:23

Summary

Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

n/a

Assigner

AMD

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Affected: various

AMD	Ryzen™ 3000 Series	Affected: various
AMD	Ryzen™ 4000 Series	Affected: various
AMD	Ryzen™ 5000 Series	Affected: various
AMD	2nd Gen AMD Ryzen™ Threadripper™ Processor	Affected: Various
AMD	3rd Gen AMD Ryzen™ Threadripper™ Processors	Affected: various
AMD	Ryzen™ Threadripper™ PRO Processor	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:36.894Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-20558",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-20T19:20:00.856473Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-670",
                "description": "CWE-670 Always-Incorrect Control Flow Implementation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-20T19:23:58.341Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 2000 Series ",
          "vendor": " AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series",
          "vendor": " AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 4000 Series",
          "vendor": " AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processor",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "Various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": " Ryzen\u2122 Threadripper\u2122 PRO Processor",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "datePublic": "2023-03-23T18:33:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eInsufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nInsufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.\n\n"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-02T18:49:20.069Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
        }
      ],
      "source": {
        "advisory": "amd-sb-1027",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20558",
    "datePublished": "2023-03-23T18:50:11.488Z",
    "dateReserved": "2022-10-27T18:53:39.746Z",
    "dateUpdated": "2025-02-20T19:23:58.341Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20559 (GCVE-0-2023-20559)

Vulnerability from cvelistv5 – Published: 2023-03-23 18:49 – Updated: 2025-02-25 16:43

Summary

Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

n/a

Assigner

AMD

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Affected: various

AMD	Ryzen™ 3000 Series	Affected: various
AMD	Ryzen™ 4000 Series	Affected: various
AMD	Ryzen™ 5000 Series	Affected: various
AMD	2nd Gen AMD Ryzen™ Threadripper™ Processor	Affected: Various
AMD	3rd Gen AMD Ryzen™ Threadripper™ Processors	Affected: various
AMD	Ryzen™ Threadripper™ PRO Processor	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:36.254Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-20559",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-25T16:43:46.344707Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-691",
                "description": "CWE-691 Insufficient Control Flow Management",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-25T16:43:49.632Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 2000 Series ",
          "vendor": " AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series",
          "vendor": " AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 4000 Series",
          "vendor": " AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processor",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "Various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": " Ryzen\u2122 Threadripper\u2122 PRO Processor",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "datePublic": "2023-03-23T18:33:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eInsufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
            }
          ],
          "value": "\n\n\nInsufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.\n\n\n\n"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-02T18:49:20.069Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
        }
      ],
      "source": {
        "advisory": "amd-sb-1027",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20559",
    "datePublished": "2023-03-23T18:49:41.533Z",
    "dateReserved": "2022-10-27T18:53:39.746Z",
    "dateUpdated": "2025-02-25T16:43:49.632Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-27672 (GCVE-0-2022-27672)

Vulnerability from cvelistv5 – Published: 2023-02-14 19:34 – Updated: 2024-08-03 05:32

Summary

When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/corporate/product-security…	vendor-advisory
	https://security.gentoo.org/glsa/202402-07

Impacted products

Vendor

Product

Version

1st Gen AMD EPYC™ Processors

Affected:

AMD	2nd Gen AMD EPYC™ Processors	Affected:
AMD	Athlon™ X4 Processor	Affected:
AMD	Ryzen™ Threadripper™ PRO Processor	Affected:
AMD	2nd Gen AMD Ryzen™ Threadripper™ Processors	Affected:
AMD	3rd Gen AMD Ryzen™ Threadripper™ Processors	Affected:
AMD	7th Generation AMD A-Series APUs	Affected:
AMD	Ryzen™ 2000 Series Processors	Affected:
AMD	Ryzen™ 3000 Series Processors	Affected:
AMD	Ryzen™ 4000 Series Processors	Affected:
AMD	Ryzen™ 5000 Series Processors	Affected:
AMD	Athlon™ Mobile Processors	Affected:

Show details on NVD website