All the vulnerabilites related to AMD - 1st Gen AMD EPYC™
cve-2021-26320
Vulnerability from cvelistv5
Published
2021-11-16 18:05
Modified
2024-09-16 18:34
Severity
Summary
Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP
References
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021 | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| AMD | 1st Gen AMD EPYC™ |
| AMD | 2nd Gen AMD EPYC™ |
| AMD | 3rd Gen AMD EPYC™ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "1st Gen AMD EPYC\u2122",
"vendor": "AMD",
"versions": [
{
"lessThan": "NaplesPI-SP3_1.0.0.G",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "2nd Gen AMD EPYC\u2122",
"vendor": "AMD",
"versions": [
{
"lessThan": "RomePI-SP3_1.0.0.C",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "3rd Gen AMD EPYC\u2122",
"vendor": "AMD",
"versions": [
{
"lessThan": "MilanPI-SP3_1.0.0.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-16T18:05:10",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
],
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
"ID": "CVE-2021-26320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1st Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "NaplesPI-SP3_1.0.0.G"
}
]
}
},
{
"product_name": "2nd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "RomePI-SP3_1.0.0.C"
}
]
}
},
{
"product_name": "3rd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "MilanPI-SP3_1.0.0.4"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
]
},
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26320",
"datePublished": "2021-11-16T18:05:10.770439Z",
"dateReserved": "2021-01-29T00:00:00",
"dateUpdated": "2024-09-16T18:34:19.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-26331
Vulnerability from cvelistv5
Published
2021-11-16 18:09
Modified
2024-09-16 21:03
Severity
Summary
AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution.
References
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021 | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| AMD | 1st Gen AMD EPYC™ |
| AMD | 2nd Gen AMD EPYC™ |
| AMD | 3rd Gen AMD EPYC™ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:23.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "1st Gen AMD EPYC\u2122",
"vendor": "AMD",
"versions": [
{
"lessThan": "NaplesPI-SP3_1.0.0.G",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "2nd Gen AMD EPYC\u2122",
"vendor": "AMD",
"versions": [
{
"lessThan": "RomePI-SP3_1.0.0.C",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "3rd Gen AMD EPYC\u2122",
"vendor": "AMD",
"versions": [
{
"lessThan": "MilanPI-SP3_1.0.0.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-16T18:09:35",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
],
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
"ID": "CVE-2021-26331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1st Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "NaplesPI-SP3_1.0.0.G"
}
]
}
},
{
"product_name": "2nd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "RomePI-SP3_1.0.0.C"
}
]
}
},
{
"product_name": "3rd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "MilanPI-SP3_1.0.0.4"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
]
},
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26331",
"datePublished": "2021-11-16T18:09:35.653452Z",
"dateReserved": "2021-01-29T00:00:00",
"dateUpdated": "2024-09-16T21:03:02.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-26322
Vulnerability from cvelistv5
Published
2021-11-16 17:58
Modified
2024-09-17 00:56
Severity
Summary
Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”.
References
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021 | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| AMD | 1st Gen AMD EPYC™ |
| AMD | 2nd Gen AMD EPYC™ |
| AMD | 3rd Gen AMD EPYC™ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "1st Gen AMD EPYC\u2122",
"vendor": "AMD",
"versions": [
{
"lessThan": "NaplesPI-SP3_1.0.0.G",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "2nd Gen AMD EPYC\u2122",
"vendor": "AMD",
"versions": [
{
"lessThan": "RomePI-SP3_1.0.0.C",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "3rd Gen AMD EPYC\u2122",
"vendor": "AMD",
"versions": [
{
"lessThan": "MilanPI-SP3_1.0.0.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Persistent platform private key may not be protected with a random IV leading to a potential \u201ctwo time pad attack\u201d."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-320",
"description": "CWE-320 Key Management Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-16T17:58:40",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
],
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
"ID": "CVE-2021-26322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1st Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "NaplesPI-SP3_1.0.0.G"
}
]
}
},
{
"product_name": "2nd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "RomePI-SP3_1.0.0.C"
}
]
}
},
{
"product_name": "3rd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "MilanPI-SP3_1.0.0.4"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Persistent platform private key may not be protected with a random IV leading to a potential \u201ctwo time pad attack\u201d."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-320 Key Management Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
]
},
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26322",
"datePublished": "2021-11-16T17:58:40.230958Z",
"dateReserved": "2021-01-29T00:00:00",
"dateUpdated": "2024-09-17T00:56:29.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-26408
Vulnerability from cvelistv5
Published
2022-05-10 18:22
Modified
2024-09-16 21:04
Severity
Summary
Insufficient validation of elliptic curve points in SEV-legacy firmware may compromise SEV-legacy guest migration potentially resulting in loss of guest's integrity or confidentiality.
References
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021 | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| AMD | 1st Gen AMD EPYC™ |
| AMD | 2nd Gen AMD EPYC™ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "1st Gen AMD EPYC\u2122",
"vendor": "AMD",
"versions": [
{
"lessThan": "NaplesPI-SP3_1.0.0.G",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "2nd Gen AMD EPYC\u2122",
"vendor": "AMD",
"versions": [
{
"lessThan": "RomePI-SP3_1.0.0.C",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-05-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insufficient validation of elliptic curve points in SEV-legacy firmware may compromise SEV-legacy guest migration potentially resulting in loss of guest\u0027s integrity or confidentiality."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "tbd",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-10T18:22:50",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
],
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-05-06T20:00:00.000Z",
"ID": "CVE-2021-26408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1st Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "NaplesPI-SP3_1.0.0.G"
}
]
}
},
{
"product_name": "2nd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "RomePI-SP3_1.0.0.C"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient validation of elliptic curve points in SEV-legacy firmware may compromise SEV-legacy guest migration potentially resulting in loss of guest\u0027s integrity or confidentiality."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "tbd"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
]
},
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26408",
"datePublished": "2022-05-10T18:22:50.329992Z",
"dateReserved": "2021-01-29T00:00:00",
"dateUpdated": "2024-09-16T21:04:07.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-12954
Vulnerability from cvelistv5
Published
2021-11-16 18:11
Modified
2024-09-16 18:48
Severity
Summary
A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification.
References
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021 | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| AMD | 1st Gen AMD EPYC™ |
| AMD | 2nd Gen AMD EPYC™ |
| AMD | 3rd Gen AMD EPYC™ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:18.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "1st Gen AMD EPYC\u2122",
"vendor": "AMD",
"versions": [
{
"lessThan": "NaplesPI-SP3_1.0.0.G",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "2nd Gen AMD EPYC\u2122",
"vendor": "AMD",
"versions": [
{
"lessThan": "RomePI-SP3_1.0.0.C",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "3rd Gen AMD EPYC\u2122",
"vendor": "AMD",
"versions": [
{
"lessThan": "MilanPI-SP3_1.0.0.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-16T18:11:02",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
],
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
"ID": "CVE-2020-12954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1st Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "NaplesPI-SP3_1.0.0.G"
}
]
}
},
{
"product_name": "2nd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "RomePI-SP3_1.0.0.C"
}
]
}
},
{
"product_name": "3rd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "MilanPI-SP3_1.0.0.4"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-693 Protection Mechanism Failure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
]
},
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2020-12954",
"datePublished": "2021-11-16T18:11:02.785753Z",
"dateReserved": "2020-05-15T00:00:00",
"dateUpdated": "2024-09-16T18:48:26.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-26329
Vulnerability from cvelistv5
Published
2021-11-16 17:57
Modified
2024-09-16 22:24
Severity
Summary
AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources.
References
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021 | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| AMD | 1st Gen AMD EPYC™ |
| AMD | 2nd Gen AMD EPYC™ |
| AMD | 3rd Gen AMD EPYC™ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.294Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "1st Gen AMD EPYC\u2122",
"vendor": "AMD",
"versions": [
{
"lessThan": "NaplesPI-SP3_1.0.0.G",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "2nd Gen AMD EPYC\u2122",
"vendor": "AMD",
"versions": [
{
"lessThan": "RomePI-SP3_1.0.0.C",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "3rd Gen AMD EPYC\u2122",
"vendor": "AMD",
"versions": [
{
"lessThan": "MilanPI-SP3_1.0.0.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-130",
"description": "CWE-130 Improper Handling of Length Parameter Inconsistency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-16T17:57:01",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
],
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
"ID": "CVE-2021-26329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1st Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "NaplesPI-SP3_1.0.0.G"
}
]
}
},
{
"product_name": "2nd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "RomePI-SP3_1.0.0.C"
}
]
}
},
{
"product_name": "3rd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "MilanPI-SP3_1.0.0.4"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-130 Improper Handling of Length Parameter Inconsistency"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
]
},
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26329",
"datePublished": "2021-11-16T17:57:01.031900Z",
"dateReserved": "2021-01-29T00:00:00",
"dateUpdated": "2024-09-16T22:24:45.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20520
Vulnerability from cvelistv5
Published
2023-05-09 18:36
Modified
2024-08-02 09:05
Severity
Summary
Improper access control settings in ASP
Bootloader may allow an attacker to corrupt the return address causing a
stack-based buffer overrun potentially leading to arbitrary code execution.
References
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001 | vendor-advisory |
Impacted products
| Vendor | Product |
|---|---|
| AMD | 1st Gen AMD EPYC™ |
| AMD | 2nd Gen AMD EPYC™ |
| AMD | 3rd Gen AMD EPYC™ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "1st Gen AMD EPYC\u2122 ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "2nd Gen AMD EPYC\u2122 ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "3rd Gen AMD EPYC\u2122 ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
}
],
"datePublic": "2023-05-09T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper access control settings in ASP\nBootloader may allow an attacker to corrupt the return address causing a\nstack-based buffer overrun potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n"
}
],
"value": "Improper access control settings in ASP\nBootloader may allow an attacker to corrupt the return address causing a\nstack-based buffer overrun potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2023-05-09T18:53:42.276Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001"
}
],
"source": {
"advisory": "AMD-SB-3001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20520",
"datePublished": "2023-05-09T18:36:29.141Z",
"dateReserved": "2022-10-27T18:53:39.737Z",
"dateUpdated": "2024-08-02T09:05:36.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-26321
Vulnerability from cvelistv5
Published
2021-11-16 18:07
Modified
2024-09-16 18:56
Severity
Summary
Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP.
References
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021 | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| AMD | 1st Gen AMD EPYC™ |
| AMD | 2nd Gen AMD EPYC™ |
| AMD | 3rd Gen AMD EPYC™ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "1st Gen AMD EPYC\u2122",
"vendor": "AMD",
"versions": [
{
"lessThan": "NaplesPI-SP3_1.0.0.G",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "2nd Gen AMD EPYC\u2122",
"vendor": "AMD",
"versions": [
{
"lessThan": "RomePI-SP3_1.0.0.C",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "3rd Gen AMD EPYC\u2122",
"vendor": "AMD",
"versions": [
{
"lessThan": "MilanPI-SP3_1.0.0.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-16T18:07:26",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
],
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
"ID": "CVE-2021-26321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1st Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "NaplesPI-SP3_1.0.0.G"
}
]
}
},
{
"product_name": "2nd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "RomePI-SP3_1.0.0.C"
}
]
}
},
{
"product_name": "3rd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "MilanPI-SP3_1.0.0.4"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
]
},
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26321",
"datePublished": "2021-11-16T18:07:26.527350Z",
"dateReserved": "2021-01-29T00:00:00",
"dateUpdated": "2024-09-16T18:56:13.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-26330
Vulnerability from cvelistv5
Published
2021-11-16 18:19
Modified
2024-09-16 18:12
Severity
Summary
AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources.
References
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021 | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| AMD | 1st Gen AMD EPYC™ |
| AMD | 2nd Gen AMD EPYC™ |
| AMD | 3rd Gen AMD EPYC™ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:23.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "1st Gen AMD EPYC\u2122",
"vendor": "AMD",
"versions": [
{
"lessThan": "NaplesPI-SP3_1.0.0.G",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "2nd Gen AMD EPYC\u2122",
"vendor": "AMD",
"versions": [
{
"lessThan": "RomePI-SP3_1.0.0.C",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "3rd Gen AMD EPYC\u2122",
"vendor": "AMD",
"versions": [
{
"lessThan": "MilanPI-SP3_1.0.0.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-16T18:19:29",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
],
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
"ID": "CVE-2021-26330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1st Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "NaplesPI-SP3_1.0.0.G"
}
]
}
},
{
"product_name": "2nd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "RomePI-SP3_1.0.0.C"
}
]
}
},
{
"product_name": "3rd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "MilanPI-SP3_1.0.0.4"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
]
},
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26330",
"datePublished": "2021-11-16T18:19:29.476922Z",
"dateReserved": "2021-01-29T00:00:00",
"dateUpdated": "2024-09-16T18:12:54.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}