Search
Find a vulnerability
Search criteria
22 vulnerabilities found for ryzen_threadripper_pro_3795wx_firmware by amd
CVE-2021-46774 (GCVE-0-2021-46774)
Vulnerability from nvd – Published: 2023-11-14 18:52 – Updated: 2024-10-11 18:07
VLAI
Summary
Insufficient DRAM address validation in System
Management Unit (SMU) may allow an attacker to read/write from/to an invalid
DRAM address, potentially resulting in denial-of-service.
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
13 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Ryzen™ 3000 series Desktop Processors “Matisse" |
Affected:
various
|
|
| AMD | AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” |
Affected:
various
|
|
| AMD | AMD Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT |
Affected:
various
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS |
Affected:
various
|
|
| AMD | 1st Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 2nd Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 3rd Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 4th Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | AMD EPYC™ Embedded 3000 |
Affected:
various
|
|
| AMD | AMD EPYC™ Embedded 7002 |
Affected:
various
|
|
| AMD | AMD EPYC™ Embedded 7003 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Embedded 5000 |
Affected:
various
|
Date Public
2023-11-14 17:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46774",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T17:51:52.542045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T18:07:59.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 series Desktop Processors \u201cMatisse\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "1st Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "2nd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "4th Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 3000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7002",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7002",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 3000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-11-14T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient DRAM address validation in System\nManagement Unit (SMU) may allow an attacker to read/write from/to an invalid\nDRAM address, potentially resulting in denial-of-service.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Insufficient DRAM address validation in System\nManagement Unit (SMU) may allow an attacker to read/write from/to an invalid\nDRAM address, potentially resulting in denial-of-service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T18:31:43.449Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-46774",
"datePublished": "2023-11-14T18:52:11.012Z",
"dateReserved": "2022-03-31T16:50:27.874Z",
"dateUpdated": "2024-10-11T18:07:59.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20597 (GCVE-0-2023-20597)
Vulnerability from nvd – Published: 2023-09-20 17:32 – Updated: 2025-06-27 21:45
VLAI
Summary
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-824 - Access of Uninitialized Pointer
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
14 products
Date Public
2023-09-20 16:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20597",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T16:02:44.267356Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T16:04:20.231Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics \u201cCezanne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS SP3",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 6000 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 7035 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt-R\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \"Barcelo\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbMilanPI-SP3 1.0.0.6"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbAM4PI 1.0.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V2000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP6 1.0.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V3000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP7r2 1.0.0.4"
}
]
}
],
"datePublic": "2023-09-20T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eImproper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824 Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T21:45:52.386Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007"
}
],
"source": {
"advisory": "AMD-SB-4007",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20597",
"datePublished": "2023-09-20T17:32:18.969Z",
"dateReserved": "2022-10-27T18:53:39.763Z",
"dateUpdated": "2025-06-27T21:45:52.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20594 (GCVE-0-2023-20594)
Vulnerability from nvd – Published: 2023-09-20 17:27 – Updated: 2025-06-27 21:41
VLAI
Summary
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-824 - Access of Uninitialized Pointer
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
17 products
Date Public
2023-09-20 16:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T15:25:52.143486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T15:26:01.771Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics \u201cCezanne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics \u201cRenoir\u201d AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS SP3",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d FP6",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 6000 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 7035 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt-R\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \"Barcelo\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 7000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedAM5PI 1.0.0.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V3000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Embedded-PI_FP7r2 1.0.0.B"
}
]
}
],
"datePublic": "2023-09-20T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eImproper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.\u003c/span\u003e"
}
],
"value": "Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824 Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T21:41:58.197Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007"
}
],
"source": {
"advisory": "AMD-SB-4007",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20594",
"datePublished": "2023-09-20T17:27:59.742Z",
"dateReserved": "2022-10-27T18:53:39.762Z",
"dateUpdated": "2025-06-27T21:41:58.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20559 (GCVE-0-2023-20559)
Vulnerability from nvd – Published: 2023-03-23 18:49 – Updated: 2025-02-25 16:43
VLAI
Summary
Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-691 - Insufficient Control Flow Management
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/resources/product-security… | vendor-advisory |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Ryzen™ 2000 Series |
Affected:
various
|
|
| AMD | Ryzen™ 3000 Series |
Affected:
various
|
|
| AMD | Ryzen™ 4000 Series |
Affected:
various
|
|
| AMD | Ryzen™ 5000 Series |
Affected:
various
|
|
| AMD | 2nd Gen AMD Ryzen™ Threadripper™ Processor |
Affected:
Various
|
|
| AMD | 3rd Gen AMD Ryzen™ Threadripper™ Processors |
Affected:
various
|
|
| AMD | Ryzen™ Threadripper™ PRO Processor |
Affected:
various
|
Date Public
2023-03-23 18:33
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-20559",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T16:43:46.344707Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-691",
"description": "CWE-691 Insufficient Control Flow Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T16:43:49.632Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 2000 Series ",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 4000 Series",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processor",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": " Ryzen\u2122 Threadripper\u2122 PRO Processor",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-03-23T18:33:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eInsufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
}
],
"value": "\n\n\nInsufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.\n\n\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-02T18:49:20.069Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
}
],
"source": {
"advisory": "amd-sb-1027",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20559",
"datePublished": "2023-03-23T18:49:41.533Z",
"dateReserved": "2022-10-27T18:53:39.746Z",
"dateUpdated": "2025-02-25T16:43:49.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20558 (GCVE-0-2023-20558)
Vulnerability from nvd – Published: 2023-03-23 18:50 – Updated: 2025-02-20 19:23
VLAI
Summary
Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-670 - Always-Incorrect Control Flow Implementation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/resources/product-security… | vendor-advisory |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Ryzen™ 2000 Series |
Affected:
various
|
|
| AMD | Ryzen™ 3000 Series |
Affected:
various
|
|
| AMD | Ryzen™ 4000 Series |
Affected:
various
|
|
| AMD | Ryzen™ 5000 Series |
Affected:
various
|
|
| AMD | 2nd Gen AMD Ryzen™ Threadripper™ Processor |
Affected:
Various
|
|
| AMD | 3rd Gen AMD Ryzen™ Threadripper™ Processors |
Affected:
various
|
|
| AMD | Ryzen™ Threadripper™ PRO Processor |
Affected:
various
|
Date Public
2023-03-23 18:33
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-20558",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T19:20:00.856473Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-670",
"description": "CWE-670 Always-Incorrect Control Flow Implementation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T19:23:58.341Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 2000 Series ",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 4000 Series",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processor",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": " Ryzen\u2122 Threadripper\u2122 PRO Processor",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-03-23T18:33:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eInsufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.\u003c/span\u003e\n\n"
}
],
"value": "\nInsufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-02T18:49:20.069Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
}
],
"source": {
"advisory": "amd-sb-1027",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20558",
"datePublished": "2023-03-23T18:50:11.488Z",
"dateReserved": "2022-10-27T18:53:39.746Z",
"dateUpdated": "2025-02-20T19:23:58.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26316 (GCVE-0-2021-26316)
Vulnerability from nvd – Published: 2023-01-10 19:46 – Updated: 2025-04-09 15:19
VLAI
Summary
Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-20 - Improper Input Validation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Ryzen 5000 Series |
Affected:
various
|
|
| AMD | Ryzen 2000 Series |
Affected:
various
|
|
| AMD | Ryzen 3000 Series |
Affected:
various
|
|
| AMD | 1st Gen EPYC |
Affected:
various
|
|
| AMD | 2nd Gen EPYC |
Affected:
Various
|
|
| AMD | 3rd Gen EPYC |
Affected:
various
|
Date Public
2023-01-10 17:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-26316",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T15:18:38.823141Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T15:19:17.090Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen 5000 Series ",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen 2000 Series",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen 3000 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA ",
"platforms": [
"x86"
],
"product": "1st Gen EPYC ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "2nd Gen EPYC",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "3rd Gen EPYC",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
}
],
"datePublic": "2023-01-10T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution."
}
],
"value": "Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-11T07:01:59.843Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
}
],
"source": {
"advisory": "AMD-SB-1031, AMD-SB-1032",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26316",
"datePublished": "2023-01-10T19:46:46.575Z",
"dateReserved": "2021-01-29T21:24:26.137Z",
"dateUpdated": "2025-04-09T15:19:17.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23824 (GCVE-0-2022-23824)
Vulnerability from nvd – Published: 2022-11-09 20:48 – Updated: 2025-02-13 16:32
VLAI
Summary
IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.
Severity
No CVSS data available.
CWE
- NA
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | |
| http://www.openwall.com/lists/oss-security/2022/11/10/2 | mailing-list |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://www.debian.org/security/2023/dsa-5378 | vendor-advisory |
| https://security.gentoo.org/glsa/202402-07 |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Processors |
Affected:
Processor various
|
Date Public
2022-11-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040"
},
{
"name": "[oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/10/2"
},
{
"name": "FEDORA-2022-9f51d13fa3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/"
},
{
"name": "FEDORA-2022-53a4a5dd11",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTQMPJC5N6XJYQ232OZFLK47HVZNRBY3/"
},
{
"name": "DSA-5378",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5378"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202402-07"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AMD Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Processor various"
}
]
}
],
"datePublic": "2022-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NA",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T01:23:48.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040"
},
{
"name": "[oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/10/2"
},
{
"name": "FEDORA-2022-9f51d13fa3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/"
},
{
"name": "FEDORA-2022-53a4a5dd11",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTQMPJC5N6XJYQ232OZFLK47HVZNRBY3/"
},
{
"name": "DSA-5378",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5378"
},
{
"url": "https://security.gentoo.org/glsa/202402-07"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-23824",
"datePublished": "2022-11-09T20:48:06.826Z",
"dateReserved": "2022-01-21T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:32:23.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46778 (GCVE-0-2021-46778)
Vulnerability from nvd – Published: 2022-08-09 20:20 – Updated: 2024-09-17 00:36
VLAI
Summary
Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information.
Severity
No CVSS data available.
CWE
- NA
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Processors |
Affected:
Processor Some AMD Processors
|
Date Public
2022-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AMD Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Processor Some AMD Processors"
}
]
}
],
"datePublic": "2022-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed \u201cZen 1\u201d, \u201cZen 2\u201d and \u201cZen 3\u201d that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NA",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-09T20:20:12.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-08-09T16:00:00.000Z",
"ID": "CVE-2021-46778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AMD Processors",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "Processor",
"version_value": "Some AMD Processors"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed \u201cZen 1\u201d, \u201cZen 2\u201d and \u201cZen 3\u201d that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NA"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-46778",
"datePublished": "2022-08-09T20:20:12.911Z",
"dateReserved": "2022-03-31T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:36:13.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23825 (GCVE-0-2022-23825)
Vulnerability from nvd – Published: 2022-07-14 19:27 – Updated: 2024-09-16 17:48
VLAI
Summary
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
Severity
No CVSS data available.
CWE
- NA
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://www.amd.com/en/corporate/product-security… | |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://www.debian.org/security/2022/dsa-5184 | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| http://www.openwall.com/lists/oss-security/2022/11/08/1 | mailing-list |
| http://www.openwall.com/lists/oss-security/2022/11/10/2 | mailing-list |
| https://security.gentoo.org/glsa/202402-07 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Processors |
Affected:
Processor Some AMD Processors
|
Date Public
2022-07-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.140Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2022-c69ef9c1dd",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M27MB3QFNIJV4EQQSXWARHP3OGX6CR6K/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037"
},
{
"name": "FEDORA-2022-8aab5b5cde",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4RW5FCIYFNCQOEFJEUIRW3DGYW7CWBG/"
},
{
"name": "DSA-5184",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5184"
},
{
"name": "FEDORA-2022-3e6ce58029",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLSRW4LLTAT3CZMOYVNTC7YIYGX3KLED/"
},
{
"name": "FEDORA-2022-a0d7a5eaf2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/"
},
{
"name": "[oss-security] 20221108 Xen Security Advisory 422 v1 (CVE-2022-23824) - x86: Multiple speculative security issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/08/1"
},
{
"name": "[oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/10/2"
},
{
"name": "GLSA-202402-07",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202402-07"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AMD Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Processor Some AMD Processors"
}
]
}
],
"datePublic": "2022-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NA",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-04T08:06:51.356Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"name": "FEDORA-2022-c69ef9c1dd",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M27MB3QFNIJV4EQQSXWARHP3OGX6CR6K/"
},
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037"
},
{
"name": "FEDORA-2022-8aab5b5cde",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4RW5FCIYFNCQOEFJEUIRW3DGYW7CWBG/"
},
{
"name": "DSA-5184",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5184"
},
{
"name": "FEDORA-2022-3e6ce58029",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLSRW4LLTAT3CZMOYVNTC7YIYGX3KLED/"
},
{
"name": "FEDORA-2022-a0d7a5eaf2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/"
},
{
"name": "[oss-security] 20221108 Xen Security Advisory 422 v1 (CVE-2022-23824) - x86: Multiple speculative security issues",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/08/1"
},
{
"name": "[oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/10/2"
},
{
"name": "GLSA-202402-07",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202402-07"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-23825",
"datePublished": "2022-07-14T19:27:08.292Z",
"dateReserved": "2022-01-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:48:09.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29900 (GCVE-0-2022-29900)
Vulnerability from nvd – Published: 2022-07-12 15:50 – Updated: 2024-11-20 16:13
VLAI
Summary
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- NA
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://www.debian.org/security/2022/dsa-5207 | vendor-advisory |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-list |
| https://www.secpod.com/blog/retbleed-intel-and-am… | |
| https://security.gentoo.org/glsa/202402-07 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Processors |
Affected:
Processor Some AMD Processors
|
Date Public
2022-07-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:43.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037"
},
{
"name": "FEDORA-2022-a0d7a5eaf2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/"
},
{
"name": "DSA-5207",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5207"
},
{
"name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/"
},
{
"name": "GLSA-202402-07",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202402-07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-29900",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T16:09:18.710200Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T16:13:31.449Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AMD Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Processor Some AMD Processors"
}
]
}
],
"datePublic": "2022-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NA",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-04T08:06:53.374Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037"
},
{
"name": "FEDORA-2022-a0d7a5eaf2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/"
},
{
"name": "DSA-5207",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5207"
},
{
"name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
},
{
"url": "https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/"
},
{
"name": "GLSA-202402-07",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202402-07"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-29900",
"datePublished": "2022-07-12T15:50:10.585Z",
"dateReserved": "2022-04-28T00:00:00.000Z",
"dateUpdated": "2024-11-20T16:13:31.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23823 (GCVE-0-2022-23823)
Vulnerability from nvd – Published: 2022-06-15 19:13 – Updated: 2024-09-17 03:59
VLAI
Summary
A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure.
Severity
No CVSS data available.
CWE
- NA
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Processors |
Affected:
Processor various
|
Date Public
2022-06-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AMD Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Processor various"
}
]
}
],
"datePublic": "2022-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NA",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-15T19:13:04.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-06-14T20:30:00.000Z",
"ID": "CVE-2022-23823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AMD Processors",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "Processor",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NA"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-23823",
"datePublished": "2022-06-15T19:13:04.771Z",
"dateReserved": "2022-01-21T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:59:08.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46774 (GCVE-0-2021-46774)
Vulnerability from cvelistv5 – Published: 2023-11-14 18:52 – Updated: 2024-10-11 18:07
VLAI
Summary
Insufficient DRAM address validation in System
Management Unit (SMU) may allow an attacker to read/write from/to an invalid
DRAM address, potentially resulting in denial-of-service.
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
13 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Ryzen™ 3000 series Desktop Processors “Matisse" |
Affected:
various
|
|
| AMD | AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” |
Affected:
various
|
|
| AMD | AMD Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT |
Affected:
various
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS |
Affected:
various
|
|
| AMD | 1st Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 2nd Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 3rd Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 4th Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | AMD EPYC™ Embedded 3000 |
Affected:
various
|
|
| AMD | AMD EPYC™ Embedded 7002 |
Affected:
various
|
|
| AMD | AMD EPYC™ Embedded 7003 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Embedded 5000 |
Affected:
various
|
Date Public
2023-11-14 17:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46774",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T17:51:52.542045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T18:07:59.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 series Desktop Processors \u201cMatisse\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "1st Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "2nd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "4th Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 3000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7002",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7002",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 3000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-11-14T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient DRAM address validation in System\nManagement Unit (SMU) may allow an attacker to read/write from/to an invalid\nDRAM address, potentially resulting in denial-of-service.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Insufficient DRAM address validation in System\nManagement Unit (SMU) may allow an attacker to read/write from/to an invalid\nDRAM address, potentially resulting in denial-of-service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T18:31:43.449Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-46774",
"datePublished": "2023-11-14T18:52:11.012Z",
"dateReserved": "2022-03-31T16:50:27.874Z",
"dateUpdated": "2024-10-11T18:07:59.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20597 (GCVE-0-2023-20597)
Vulnerability from cvelistv5 – Published: 2023-09-20 17:32 – Updated: 2025-06-27 21:45
VLAI
Summary
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-824 - Access of Uninitialized Pointer
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
14 products
Date Public
2023-09-20 16:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20597",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T16:02:44.267356Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T16:04:20.231Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics \u201cCezanne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS SP3",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 6000 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 7035 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt-R\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \"Barcelo\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbMilanPI-SP3 1.0.0.6"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbAM4PI 1.0.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V2000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP6 1.0.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V3000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP7r2 1.0.0.4"
}
]
}
],
"datePublic": "2023-09-20T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eImproper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824 Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T21:45:52.386Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007"
}
],
"source": {
"advisory": "AMD-SB-4007",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20597",
"datePublished": "2023-09-20T17:32:18.969Z",
"dateReserved": "2022-10-27T18:53:39.763Z",
"dateUpdated": "2025-06-27T21:45:52.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20594 (GCVE-0-2023-20594)
Vulnerability from cvelistv5 – Published: 2023-09-20 17:27 – Updated: 2025-06-27 21:41
VLAI
Summary
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-824 - Access of Uninitialized Pointer
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
17 products
Date Public
2023-09-20 16:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T15:25:52.143486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T15:26:01.771Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics \u201cCezanne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics \u201cRenoir\u201d AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS SP3",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d FP6",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 6000 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 7035 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt-R\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \"Barcelo\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 7000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedAM5PI 1.0.0.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V3000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Embedded-PI_FP7r2 1.0.0.B"
}
]
}
],
"datePublic": "2023-09-20T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eImproper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.\u003c/span\u003e"
}
],
"value": "Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824 Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T21:41:58.197Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007"
}
],
"source": {
"advisory": "AMD-SB-4007",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20594",
"datePublished": "2023-09-20T17:27:59.742Z",
"dateReserved": "2022-10-27T18:53:39.762Z",
"dateUpdated": "2025-06-27T21:41:58.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20558 (GCVE-0-2023-20558)
Vulnerability from cvelistv5 – Published: 2023-03-23 18:50 – Updated: 2025-02-20 19:23
VLAI
Summary
Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-670 - Always-Incorrect Control Flow Implementation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/resources/product-security… | vendor-advisory |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Ryzen™ 2000 Series |
Affected:
various
|
|
| AMD | Ryzen™ 3000 Series |
Affected:
various
|
|
| AMD | Ryzen™ 4000 Series |
Affected:
various
|
|
| AMD | Ryzen™ 5000 Series |
Affected:
various
|
|
| AMD | 2nd Gen AMD Ryzen™ Threadripper™ Processor |
Affected:
Various
|
|
| AMD | 3rd Gen AMD Ryzen™ Threadripper™ Processors |
Affected:
various
|
|
| AMD | Ryzen™ Threadripper™ PRO Processor |
Affected:
various
|
Date Public
2023-03-23 18:33
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-20558",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T19:20:00.856473Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-670",
"description": "CWE-670 Always-Incorrect Control Flow Implementation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T19:23:58.341Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 2000 Series ",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 4000 Series",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processor",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": " Ryzen\u2122 Threadripper\u2122 PRO Processor",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-03-23T18:33:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eInsufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.\u003c/span\u003e\n\n"
}
],
"value": "\nInsufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-02T18:49:20.069Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
}
],
"source": {
"advisory": "amd-sb-1027",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20558",
"datePublished": "2023-03-23T18:50:11.488Z",
"dateReserved": "2022-10-27T18:53:39.746Z",
"dateUpdated": "2025-02-20T19:23:58.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20559 (GCVE-0-2023-20559)
Vulnerability from cvelistv5 – Published: 2023-03-23 18:49 – Updated: 2025-02-25 16:43
VLAI
Summary
Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-691 - Insufficient Control Flow Management
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/resources/product-security… | vendor-advisory |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Ryzen™ 2000 Series |
Affected:
various
|
|
| AMD | Ryzen™ 3000 Series |
Affected:
various
|
|
| AMD | Ryzen™ 4000 Series |
Affected:
various
|
|
| AMD | Ryzen™ 5000 Series |
Affected:
various
|
|
| AMD | 2nd Gen AMD Ryzen™ Threadripper™ Processor |
Affected:
Various
|
|
| AMD | 3rd Gen AMD Ryzen™ Threadripper™ Processors |
Affected:
various
|
|
| AMD | Ryzen™ Threadripper™ PRO Processor |
Affected:
various
|
Date Public
2023-03-23 18:33
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-20559",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T16:43:46.344707Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-691",
"description": "CWE-691 Insufficient Control Flow Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T16:43:49.632Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 2000 Series ",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 4000 Series",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processor",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": " Ryzen\u2122 Threadripper\u2122 PRO Processor",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-03-23T18:33:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eInsufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
}
],
"value": "\n\n\nInsufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.\n\n\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-02T18:49:20.069Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
}
],
"source": {
"advisory": "amd-sb-1027",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20559",
"datePublished": "2023-03-23T18:49:41.533Z",
"dateReserved": "2022-10-27T18:53:39.746Z",
"dateUpdated": "2025-02-25T16:43:49.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26316 (GCVE-0-2021-26316)
Vulnerability from cvelistv5 – Published: 2023-01-10 19:46 – Updated: 2025-04-09 15:19
VLAI
Summary
Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-20 - Improper Input Validation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Ryzen 5000 Series |
Affected:
various
|
|
| AMD | Ryzen 2000 Series |
Affected:
various
|
|
| AMD | Ryzen 3000 Series |
Affected:
various
|
|
| AMD | 1st Gen EPYC |
Affected:
various
|
|
| AMD | 2nd Gen EPYC |
Affected:
Various
|
|
| AMD | 3rd Gen EPYC |
Affected:
various
|
Date Public
2023-01-10 17:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-26316",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T15:18:38.823141Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T15:19:17.090Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen 5000 Series ",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen 2000 Series",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen 3000 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA ",
"platforms": [
"x86"
],
"product": "1st Gen EPYC ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "2nd Gen EPYC",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "3rd Gen EPYC",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
}
],
"datePublic": "2023-01-10T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution."
}
],
"value": "Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-11T07:01:59.843Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
}
],
"source": {
"advisory": "AMD-SB-1031, AMD-SB-1032",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26316",
"datePublished": "2023-01-10T19:46:46.575Z",
"dateReserved": "2021-01-29T21:24:26.137Z",
"dateUpdated": "2025-04-09T15:19:17.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23824 (GCVE-0-2022-23824)
Vulnerability from cvelistv5 – Published: 2022-11-09 20:48 – Updated: 2025-02-13 16:32
VLAI
Summary
IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.
Severity
No CVSS data available.
CWE
- NA
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | |
| http://www.openwall.com/lists/oss-security/2022/11/10/2 | mailing-list |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://www.debian.org/security/2023/dsa-5378 | vendor-advisory |
| https://security.gentoo.org/glsa/202402-07 |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Processors |
Affected:
Processor various
|
Date Public
2022-11-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040"
},
{
"name": "[oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/10/2"
},
{
"name": "FEDORA-2022-9f51d13fa3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/"
},
{
"name": "FEDORA-2022-53a4a5dd11",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTQMPJC5N6XJYQ232OZFLK47HVZNRBY3/"
},
{
"name": "DSA-5378",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5378"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202402-07"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AMD Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Processor various"
}
]
}
],
"datePublic": "2022-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NA",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T01:23:48.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040"
},
{
"name": "[oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/10/2"
},
{
"name": "FEDORA-2022-9f51d13fa3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/"
},
{
"name": "FEDORA-2022-53a4a5dd11",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTQMPJC5N6XJYQ232OZFLK47HVZNRBY3/"
},
{
"name": "DSA-5378",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5378"
},
{
"url": "https://security.gentoo.org/glsa/202402-07"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-23824",
"datePublished": "2022-11-09T20:48:06.826Z",
"dateReserved": "2022-01-21T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:32:23.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46778 (GCVE-0-2021-46778)
Vulnerability from cvelistv5 – Published: 2022-08-09 20:20 – Updated: 2024-09-17 00:36
VLAI
Summary
Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information.
Severity
No CVSS data available.
CWE
- NA
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Processors |
Affected:
Processor Some AMD Processors
|
Date Public
2022-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AMD Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Processor Some AMD Processors"
}
]
}
],
"datePublic": "2022-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed \u201cZen 1\u201d, \u201cZen 2\u201d and \u201cZen 3\u201d that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NA",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-09T20:20:12.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-08-09T16:00:00.000Z",
"ID": "CVE-2021-46778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AMD Processors",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "Processor",
"version_value": "Some AMD Processors"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed \u201cZen 1\u201d, \u201cZen 2\u201d and \u201cZen 3\u201d that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NA"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-46778",
"datePublished": "2022-08-09T20:20:12.911Z",
"dateReserved": "2022-03-31T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:36:13.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23825 (GCVE-0-2022-23825)
Vulnerability from cvelistv5 – Published: 2022-07-14 19:27 – Updated: 2024-09-16 17:48
VLAI
Summary
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
Severity
No CVSS data available.
CWE
- NA
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://www.amd.com/en/corporate/product-security… | |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://www.debian.org/security/2022/dsa-5184 | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| http://www.openwall.com/lists/oss-security/2022/11/08/1 | mailing-list |
| http://www.openwall.com/lists/oss-security/2022/11/10/2 | mailing-list |
| https://security.gentoo.org/glsa/202402-07 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Processors |
Affected:
Processor Some AMD Processors
|
Date Public
2022-07-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.140Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2022-c69ef9c1dd",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M27MB3QFNIJV4EQQSXWARHP3OGX6CR6K/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037"
},
{
"name": "FEDORA-2022-8aab5b5cde",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4RW5FCIYFNCQOEFJEUIRW3DGYW7CWBG/"
},
{
"name": "DSA-5184",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5184"
},
{
"name": "FEDORA-2022-3e6ce58029",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLSRW4LLTAT3CZMOYVNTC7YIYGX3KLED/"
},
{
"name": "FEDORA-2022-a0d7a5eaf2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/"
},
{
"name": "[oss-security] 20221108 Xen Security Advisory 422 v1 (CVE-2022-23824) - x86: Multiple speculative security issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/08/1"
},
{
"name": "[oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/10/2"
},
{
"name": "GLSA-202402-07",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202402-07"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AMD Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Processor Some AMD Processors"
}
]
}
],
"datePublic": "2022-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NA",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-04T08:06:51.356Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"name": "FEDORA-2022-c69ef9c1dd",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M27MB3QFNIJV4EQQSXWARHP3OGX6CR6K/"
},
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037"
},
{
"name": "FEDORA-2022-8aab5b5cde",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4RW5FCIYFNCQOEFJEUIRW3DGYW7CWBG/"
},
{
"name": "DSA-5184",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5184"
},
{
"name": "FEDORA-2022-3e6ce58029",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLSRW4LLTAT3CZMOYVNTC7YIYGX3KLED/"
},
{
"name": "FEDORA-2022-a0d7a5eaf2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/"
},
{
"name": "[oss-security] 20221108 Xen Security Advisory 422 v1 (CVE-2022-23824) - x86: Multiple speculative security issues",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/08/1"
},
{
"name": "[oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/10/2"
},
{
"name": "GLSA-202402-07",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202402-07"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-23825",
"datePublished": "2022-07-14T19:27:08.292Z",
"dateReserved": "2022-01-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:48:09.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29900 (GCVE-0-2022-29900)
Vulnerability from cvelistv5 – Published: 2022-07-12 15:50 – Updated: 2024-11-20 16:13
VLAI
Summary
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- NA
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://www.debian.org/security/2022/dsa-5207 | vendor-advisory |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-list |
| https://www.secpod.com/blog/retbleed-intel-and-am… | |
| https://security.gentoo.org/glsa/202402-07 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Processors |
Affected:
Processor Some AMD Processors
|
Date Public
2022-07-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:43.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037"
},
{
"name": "FEDORA-2022-a0d7a5eaf2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/"
},
{
"name": "DSA-5207",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5207"
},
{
"name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/"
},
{
"name": "GLSA-202402-07",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202402-07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-29900",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T16:09:18.710200Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T16:13:31.449Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AMD Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Processor Some AMD Processors"
}
]
}
],
"datePublic": "2022-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NA",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-04T08:06:53.374Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037"
},
{
"name": "FEDORA-2022-a0d7a5eaf2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/"
},
{
"name": "DSA-5207",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5207"
},
{
"name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
},
{
"url": "https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/"
},
{
"name": "GLSA-202402-07",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202402-07"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-29900",
"datePublished": "2022-07-12T15:50:10.585Z",
"dateReserved": "2022-04-28T00:00:00.000Z",
"dateUpdated": "2024-11-20T16:13:31.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23823 (GCVE-0-2022-23823)
Vulnerability from cvelistv5 – Published: 2022-06-15 19:13 – Updated: 2024-09-17 03:59
VLAI
Summary
A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure.
Severity
No CVSS data available.
CWE
- NA
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Processors |
Affected:
Processor various
|
Date Public
2022-06-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AMD Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Processor various"
}
]
}
],
"datePublic": "2022-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NA",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-15T19:13:04.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-06-14T20:30:00.000Z",
"ID": "CVE-2022-23823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AMD Processors",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "Processor",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NA"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-23823",
"datePublished": "2022-06-15T19:13:04.771Z",
"dateReserved": "2022-01-21T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:59:08.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}