Vulnerabilites related to AMD - 1st Gen AMD EPYC™ Processors
cve-2021-26356
Vulnerability from cvelistv5
Published
2023-05-09 18:58
Modified
2025-01-28 15:48
Severity ?
EPSS score ?
Summary
A TOCTOU in ASP bootloader may allow an attacker
to tamper with the SPI ROM following data read to memory potentially resulting
in S3 data corruption and information disclosure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 | vendor-advisory | |
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | Ryzen™ 3000 Series Desktop Processors “Matisse” AM4 |
Version: various |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:26:24.804Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2021-26356", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T15:48:34.459184Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-367", description: "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-28T15:48:38.470Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "Ryzen™ 3000 Series Desktop Processors “Matisse” AM4", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "Ryzen™ Threadripper™ PRO Processors “Chagall” WS", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "1st Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "2nd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "3rd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, ], datePublic: "2023-05-09T16:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A TOCTOU in ASP bootloader may allow an attacker\nto tamper with the SPI ROM following data read to memory potentially resulting\nin S3 data corruption and information disclosure.\n\n\n\n\n\n\n\n<br>", }, ], value: "A TOCTOU in ASP bootloader may allow an attacker\nto tamper with the SPI ROM following data read to memory potentially resulting\nin S3 data corruption and information disclosure.\n\n\n\n\n\n\n\n\n", }, ], providerMetadata: { dateUpdated: "2023-05-09T18:58:48.108Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001", }, { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001", }, ], source: { advisory: "AMD-SB-4001, AMD-SB-3001", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2021-26356", datePublished: "2023-05-09T18:58:48.108Z", dateReserved: "2021-01-29T21:24:26.149Z", dateUpdated: "2025-01-28T15:48:38.470Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-46756
Vulnerability from cvelistv5
Published
2023-05-09 19:00
Modified
2025-01-28 15:38
Severity ?
EPSS score ?
Summary
Insufficient validation of inputs in
SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an
attacker with a malicious Uapp or ABL to send malformed or invalid syscall to
the bootloader resulting in a potential denial of service and loss of
integrity.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 | vendor-advisory | |
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001 | vendor-advisory |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T05:17:42.446Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2021-46756", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T15:38:16.732242Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-28T15:38:19.211Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "Ryzen™ 2000 series Desktop Processors “Raven Ridge” AM4", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "Ryzen™ 2000 Series Desktop Processors “Pinnacle Ridge”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "Ryzen™ 3000 Series Desktop Processors “Matisse” AM4", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics “Cezanne” AM4", vendor: "AMD", versions: [ { status: "affected", version: "Various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "2nd Gen AMD Ryzen™ Threadripper™ Processors “Colfax”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULP", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "Ryzen™ 2000 Series Mobile Processors “Raven Ridge” FP5", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir” ", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics “Cezanne”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "1st Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "2nd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "3rd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, ], datePublic: "2023-05-09T16:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Insufficient validation of inputs in\nSVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an\nattacker with a malicious Uapp or ABL to send malformed or invalid syscall to\nthe bootloader resulting in a potential denial of service and loss of\nintegrity.\n\n\n\n\n\n\n\n<br>", }, ], value: "Insufficient validation of inputs in\nSVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an\nattacker with a malicious Uapp or ABL to send malformed or invalid syscall to\nthe bootloader resulting in a potential denial of service and loss of\nintegrity.\n\n\n\n\n\n\n\n\n", }, ], providerMetadata: { dateUpdated: "2023-05-09T19:00:35.599Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001", }, { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001", }, ], source: { advisory: "AMD-SB-4001, AMD-SB-3001", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2021-46756", datePublished: "2023-05-09T19:00:35.599Z", dateReserved: "2022-03-31T16:50:27.868Z", dateUpdated: "2025-01-28T15:38:19.211Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20587
Vulnerability from cvelistv5
Published
2024-02-13 19:31
Modified
2024-08-02 09:05
Severity ?
EPSS score ?
Summary
Improper
Access Control in System Management Mode (SMM) may allow an attacker access to
the SPI flash potentially leading to arbitrary code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | 3rd Gen AMD EPYC™ Processors |
Version: various |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:05:36.265Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "3rd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "4th Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", packageName: "PI", product: "1st Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "2nd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", platforms: [ "x86", ], product: "AMD EPYC(TM) Embedded 3000 ", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", platforms: [ "x86", ], product: "AMD EPYC(TM) Embedded 7002 ", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC(TM) Embedded 7003", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", platforms: [ "x86", ], product: "AMD EPYC(TM) Embedded 9003", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, ], datePublic: "2024-02-13T17:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper\nAccess Control in System Management Mode (SMM) may allow an attacker access to\nthe SPI flash potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n<br>", }, ], value: "Improper\nAccess Control in System Management Mode (SMM) may allow an attacker access to\nthe SPI flash potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n", }, ], providerMetadata: { dateUpdated: "2024-02-13T19:32:33.392Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009", }, ], source: { advisory: "AMD-SB-7009", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2023-20587", datePublished: "2024-02-13T19:31:22.706Z", dateReserved: "2022-10-27T18:53:39.759Z", dateUpdated: "2024-08-02T09:05:36.265Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20592
Vulnerability from cvelistv5
Published
2023-11-14 18:54
Modified
2024-10-11 18:07
Severity ?
EPSS score ?
Summary
Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3005 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | 1st Gen AMD EPYC™ Processors |
Version: various |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:05:36.266Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3005", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-20592", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-11T17:51:51.383280Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-11T18:07:49.421Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: " ", platforms: [ "x86", ], product: "1st Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: " ", platforms: [ "x86", ], product: "2nd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "3rd Gen AMD EPYC™ Processors ", vendor: " AMD", versions: [ { status: "affected", version: "various ", }, ], }, ], datePublic: "2023-11-14T17:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.\n\n\n\n\n\n\n\n\n\n\n\n<br>", }, ], value: "Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.\n\n\n\n\n\n\n\n\n\n\n\n\n", }, ], providerMetadata: { dateUpdated: "2023-11-14T18:54:13.255Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3005", }, ], source: { advisory: "AMD-SB-3005", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2023-20592", datePublished: "2023-11-14T18:54:13.255Z", dateReserved: "2022-10-27T18:53:39.762Z", dateUpdated: "2024-10-11T18:07:49.421Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-27672
Vulnerability from cvelistv5
Published
2023-02-14 19:34
Modified
2024-08-03 05:32
Severity ?
EPSS score ?
Summary
When SMT is enabled, certain AMD processors may speculatively execute instructions using a target
from the sibling thread after an SMT mode switch potentially resulting in information disclosure.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | 1st Gen AMD EPYC™ Processors |
Version: |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:32:59.968Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "http://xenbits.xen.org/xsa/advisory-426.html", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1045", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202402-07", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "affected", platforms: [ "x86", ], product: "1st Gen AMD EPYC™ Processors", vendor: " AMD", versions: [ { status: "affected", version: " ", }, ], }, { defaultStatus: "affected", platforms: [ "x86", ], product: "2nd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: " ", }, ], }, { defaultStatus: "affected", platforms: [ "x86", ], product: "Athlon™ X4 Processor", vendor: "AMD", versions: [ { status: "affected", version: " ", }, ], }, { defaultStatus: "affected", platforms: [ "x86", ], product: "Ryzen™ Threadripper™ PRO Processor", vendor: "AMD", versions: [ { status: "affected", version: " ", }, ], }, { defaultStatus: "affected", platforms: [ "x86", ], product: "2nd Gen AMD Ryzen™ Threadripper™ Processors", vendor: "AMD", versions: [ { status: "affected", version: " ", }, ], }, { defaultStatus: "affected", platforms: [ "x86", ], product: "3rd Gen AMD Ryzen™ Threadripper™ Processors", vendor: "AMD ", versions: [ { status: "affected", version: " ", }, ], }, { defaultStatus: "affected", platforms: [ "x86", ], product: "7th Generation AMD A-Series APUs", vendor: "AMD", versions: [ { status: "affected", version: " ", }, ], }, { defaultStatus: "affected", platforms: [ "x86", ], product: "Ryzen™ 2000 Series Processors", vendor: "AMD", versions: [ { status: "affected", version: " ", }, ], }, { defaultStatus: "affected", platforms: [ "x86", ], product: "Ryzen™ 3000 Series Processors", vendor: "AMD", versions: [ { status: "affected", version: " ", }, ], }, { defaultStatus: "affected", platforms: [ "x86", ], product: "Ryzen™ 4000 Series Processors", vendor: "AMD", versions: [ { status: "affected", version: " ", }, ], }, { defaultStatus: "affected", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Processors", vendor: "AMD", versions: [ { status: "affected", version: " ", }, ], }, { defaultStatus: "affected", platforms: [ "x86", ], product: "Athlon™ Mobile Processors", vendor: "AMD", versions: [ { status: "affected", version: " ", }, ], }, ], datePublic: "2023-02-14T17:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\nWhen SMT is enabled, certain AMD processors may speculatively execute instructions using a target\nfrom the sibling thread after an SMT mode switch potentially resulting in information disclosure.\n\n\n", }, ], value: "\nWhen SMT is enabled, certain AMD processors may speculatively execute instructions using a target\nfrom the sibling thread after an SMT mode switch potentially resulting in information disclosure.\n\n\n", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-01T05:44:22.188214Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1045", }, { url: "https://security.gentoo.org/glsa/202402-07", }, ], source: { advisory: " AMD-SB-1045", discovery: "INTERNAL", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2022-27672", datePublished: "2023-02-14T19:34:54.028Z", dateReserved: "2022-03-23T14:57:22.754Z", dateUpdated: "2024-08-03T05:32:59.968Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20521
Vulnerability from cvelistv5
Published
2023-11-14 18:52
Modified
2024-08-02 09:05
Severity ?
EPSS score ?
Summary
TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 | vendor-advisory | |
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 | vendor-advisory | |
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4 |
Version: various |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-20521", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2023-11-27T19:38:18.334372Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-26T14:56:31.535Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T09:05:36.873Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ Threadripper™ 2000 Series Processors “Colfax”", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” FP5", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics “Picasso” FP5", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "1st Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "2nd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "3rd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 3000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 7002", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 7003", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD Ryzen™ Embedded R1000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD Ryzen™ Embedded R2000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD Ryzen™ Embedded V1000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, ], datePublic: "2023-11-14T17:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.\n\n\n\n\n\n\n\n\n\n\n\n<br>", }, ], value: "TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "PHYSICAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-18T18:42:56.250Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", }, { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], source: { advisory: "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2023-20521", datePublished: "2023-11-14T18:52:31.662Z", dateReserved: "2022-10-27T18:53:39.737Z", dateUpdated: "2024-08-02T09:05:36.873Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20526
Vulnerability from cvelistv5
Published
2023-11-14 18:52
Modified
2024-08-02 09:05
Severity ?
EPSS score ?
Summary
Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 | vendor-advisory | |
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 | vendor-advisory | |
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | AMD Ryzen™ Threadripper™ 2000 Series Processors “Colfax” |
Version: various |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:05:36.942Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ Threadripper™ 2000 Series Processors “Colfax”", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "1st Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "2nd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "3rd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 3000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 7002", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 7003", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, ], datePublic: "2023-11-14T17:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.<br>", }, ], value: "Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "PHYSICAL", availabilityImpact: "NONE", baseScore: 1.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-18T18:43:52.998Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", }, { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], source: { advisory: "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2023-20526", datePublished: "2023-11-14T18:52:41.992Z", dateReserved: "2022-10-27T18:53:39.737Z", dateUpdated: "2024-08-02T09:05:36.942Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20569
Vulnerability from cvelistv5
Published
2023-08-08 17:02
Modified
2024-09-23 03:18
Severity ?
EPSS score ?
Summary
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7005 | vendor-advisory | |
| http://xenbits.xen.org/xsa/advisory-434.html | ||
| http://www.openwall.com/lists/oss-security/2023/08/08/4 | ||
| https://comsec.ethz.ch/research/microarch/inception/ | ||
| https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4E4TZNMLYL2KETY23IPA43QXFAVJ46V/ | ||
| https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKK3IA63LSKM4EC3TN4UM6DDEIOWEQIG/ | ||
| https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html | ||
| https://www.debian.org/security/2023/dsa-5475 | ||
| https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/ | ||
| https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/ | ||
| https://security.netapp.com/advisory/ntap-20240605-0006/ |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | Ryzen™ 3000 Series Desktop Processors |
Version: various |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-09-23T03:18:32.598Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.html", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7005", }, { tags: [ "x_transferred", ], url: "http://xenbits.xen.org/xsa/advisory-434.html", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/08/08/4", }, { tags: [ "x_transferred", ], url: "https://comsec.ethz.ch/research/microarch/inception/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4E4TZNMLYL2KETY23IPA43QXFAVJ46V/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKK3IA63LSKM4EC3TN4UM6DDEIOWEQIG/", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html", }, { tags: [ "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5475", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240605-0006/", }, ], title: "CVE Program Container", x_generator: { engine: "ADPogram 0.0.1", }, }, ], cna: { affected: [ { defaultStatus: "affected", packageName: " ", platforms: [ "x86", ], product: "Ryzen™ 3000 Series Desktop Processors", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "affected", packageName: " ", platforms: [ "x86", ], product: "Ryzen™ PRO 3000 Series Desktop Processors", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "affected", packageName: " ", platforms: [ "x86", ], product: "Ryzen™ 3000 Series Desktop Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "affected", packageName: " ", platforms: [ "x86", ], product: "Ryzen™ PRO 3000 Series Processors with Radeon™ Vega Graphics", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "affected", packageName: " ", platforms: [ "x86", ], product: "Athlon™ 3000 Series Processors with Radeon™ Graphics ", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "affected", packageName: " ", platforms: [ "x86", ], product: "Athlon™ PRO 3000 Series Processors with Radeon™ Vega Graphics", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "affected", packageName: " ", platforms: [ "x86", ], product: "Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "affected", packageName: " ", platforms: [ "x86", ], product: "Ryzen™ PRO 4000 Series Desktop Processors", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "affected", packageName: " ", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Desktop Processors ", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "affected", packageName: " ", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "affected", packageName: "AGESA", platforms: [ "x86", ], product: "Ryzen™ PRO 5000 Series Desktop Processors", vendor: " ", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "affected", packageName: " ", platforms: [ "x86", ], product: "Ryzen™ Threadripper™ 2000 Series Processors ", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "affected", packageName: " ", platforms: [ "x86", ], product: " Ryzen™ Threadripper™ 5000 Series Processors", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "affected", packageName: " ", platforms: [ "x86", ], product: "Ryzen™ Threadripper™ 3000 Series Processors", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "affected", packageName: " ", platforms: [ "x86", ], product: "Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "affected", packageName: " ", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "affected", packageName: " ", platforms: [ "x86", ], product: "Ryzen™ PRO 5000 Series Processors", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "affected", packageName: " ", platforms: [ "x86", ], product: "Ryzen™ 6000 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "affected", packageName: " ", platforms: [ "x86", ], product: "Ryzen™ PRO 6000 Series Processors", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "affected", packageName: " ", platforms: [ "x86", ], product: "Ryzen™ 7040 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "affected", platforms: [ "x86", ], product: "Ryzen™ 7000 Series Processors", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "affected", platforms: [ "x86", ], product: "Ryzen™ 7000 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "affected", platforms: [ "x86", ], product: " 1st Gen AMD EPYC™ Processors", vendor: "AMD ", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "affected", platforms: [ "x86", ], product: "2nd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "affected", platforms: [ "x86", ], product: "3rd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "affected", platforms: [ "x86", ], product: "4th Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, ], datePublic: "2023-08-08T16:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n\n\n<span style=\"background-color: rgb(255, 255, 255);\">A side channel vulnerability on some </span><span style=\"background-color: rgb(255, 255, 255);\">of the </span><span style=\"background-color: rgb(255, 255, 255);\">AMD CPUs may allow an attacker to influence </span><span style=\"background-color: rgb(255, 255, 255);\">the </span><span style=\"background-color: rgb(255, 255, 255);\">return address prediction</span><span style=\"background-color: rgb(255, 255, 255);\">. This may</span><span style=\"background-color: rgb(255, 255, 255);\"> result in speculative execution at an attacker-controlled </span><span style=\"background-color: rgb(255, 255, 255);\">address</span><span style=\"background-color: rgb(255, 255, 255);\">, potentially leading to information disclosure.</span>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n", }, ], value: "\n\n\nA side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n", }, ], providerMetadata: { dateUpdated: "2023-08-08T17:02:11.318Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7005", }, { url: "http://xenbits.xen.org/xsa/advisory-434.html", }, { url: "http://www.openwall.com/lists/oss-security/2023/08/08/4", }, { url: "https://comsec.ethz.ch/research/microarch/inception/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4E4TZNMLYL2KETY23IPA43QXFAVJ46V/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKK3IA63LSKM4EC3TN4UM6DDEIOWEQIG/", }, { url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html", }, { url: "https://www.debian.org/security/2023/dsa-5475", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/", }, { url: "https://security.netapp.com/advisory/ntap-20240605-0006/", }, ], source: { advisory: "AMD-SB-7005", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2023-20569", datePublished: "2023-08-08T17:02:11.318Z", dateReserved: "2022-10-27T18:53:39.754Z", dateUpdated: "2024-09-23T03:18:32.598Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20575
Vulnerability from cvelistv5
Published
2023-07-11 18:29
Modified
2024-11-27 16:01
Severity ?
EPSS score ?
Summary
A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3004 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | 1st Gen AMD EPYC™ Processors |
Version: various |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:05:36.892Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3004", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20575", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-27T15:57:15.725721Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-203", description: "CWE-203 Observable Discrepancy", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-27T16:01:14.610Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", packageName: " ", platforms: [ "x86", ], product: "1st Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "affected", packageName: " ", platforms: [ "x86", ], product: "2nd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "affected", packageName: " ", platforms: [ "x86", ], product: "3rd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", platforms: [ "x86", ], product: "4th Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "Various ", }, ], }, ], datePublic: "2023-07-11T16:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(248, 249, 250);\">A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information.</span>\n\n\n\n\n\n\n\n\n\n", }, ], value: "\nA potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information.\n\n\n\n\n\n\n\n\n\n", }, ], providerMetadata: { dateUpdated: "2023-07-11T18:29:02.607Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3004", }, ], source: { advisory: "AMD-SB-3004", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2023-20575", datePublished: "2023-07-11T18:29:02.607Z", dateReserved: "2022-10-27T18:53:39.756Z", dateUpdated: "2024-11-27T16:01:14.610Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23829
Vulnerability from cvelistv5
Published
2024-06-18 19:01
Modified
2024-08-29 20:40
Severity ?
EPSS score ?
Summary
A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | AMD Ryzen™ Threadripper™ PRO Processors 5900 WX-Series |
Version: various |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:51:46.075Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1041.html", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:amd:ryzen_threadripper_pro_5945wx:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_threadripper_pro_5955wx:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_threadripper_pro_5965wx:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_threadripper_pro_5975wx:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_threadripper_pro_5995wx:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_threadripper_pro_5995wx", vendor: "amd", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:amd:ryzen_6600h:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6600hs:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6600u:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6800h:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6800hs:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6800u:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6900hs:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6900hx:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6980hs:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6980hx:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_6980hx", vendor: "amd", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2022-23829", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-05T17:32:15.481387Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-29T20:40:26.171Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "AMD Ryzen™ Threadripper™ PRO Processors 5900 WX-Series", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 6000 Series Mobile Processors and Workstations", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7000 Series Desktop Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Mobile Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Desktop Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 3000 Series Desktop Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 4000 Series Mobile Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 3000 Series Mobile Processor / 2nd Gen AMD Ryzen™ Mobile Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Threadripper™ PRO Processor", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "1st Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "2nd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "3rd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 3000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD EPYC (TM) Embedded 7002", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 7003", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD RyzenTM Embedded R1000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD RyzenTM Embedded R2000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD RyzenTM Embedded 5000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD RyzenTM Embedded V1000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD RyzenTM Embedded V2000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD RyzenTM Embedded V3000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, ], datePublic: "2024-06-11T18:54:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(255, 255, 255);\">A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.</span>\n\n", }, ], value: "A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-18T19:01:57.007Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1041.html", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2022-23829", datePublished: "2024-06-18T19:01:24.315Z", dateReserved: "2022-01-21T17:20:55.781Z", dateUpdated: "2024-08-29T20:40:26.171Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-31315
Vulnerability from cvelistv5
Published
2024-08-09 17:08
Modified
2024-09-12 12:56
Severity ?
EPSS score ?
Summary
Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | 3rd Gen AMD EPYC™ Processors |
Version: various |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-09-12T12:56:32.250Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://www.darkreading.com/remote-workforce/amd-issues-updates-for-silicon-level-sinkclose-flaw", }, { url: "https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Enrique%20Nissim%20Krzysztof%20Okupski%20-%20AMD%20Sinkclose%20Universal%20Ring-2%20Privilege%20Escalation.pdf", }, { url: "https://news.ycombinator.com/item?id=41475975", }, ], title: "CVE Program Container", x_generator: { engine: "ADPogram 0.0.1", }, }, { affected: [ { cpes: [ "cpe:2.3:h:amd:1st_gen_amd_epyc_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "1st_gen_amd_epyc_processors", vendor: "amd", versions: [ { lessThan: "naples.pi.1.0.0.m", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:amd:3rd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "3rd_gen_amd_epyc_processors", vendor: "amd", versions: [ { lessThan: "milan.pi.1.0.0.d", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:amd:2nd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "2nd_gen_amd_epyc_processors", vendor: "amd", versions: [ { lessThan: "rome.pi.1.0.0.j", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_3000_series_desktop_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_3000_series_desktop_processors", vendor: "amd", versions: [ { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:h:amd:4th_gen_amd_epyc_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "4th_gen_amd_epyc_processors", vendor: "amd", versions: [ { lessThan: "genoa_pi_1.0.0.c", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "epyc_embedded_3000", vendor: "amd", versions: [ { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "epyc_embedded_7002", vendor: "amd", versions: [ { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "epyc_embedded_7003", vendor: "amd", versions: [ { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "epyc_embedded_9003", vendor: "amd", versions: [ { lessThan: "emgenoa.pi.1.0.0.7", status: "unaffected", version: "0", versionType: "custom", }, { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_embedded_r1000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_embedded_r1000", vendor: "amd", versions: [ { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_embedded_r2000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_embedded_r2000", vendor: "amd", versions: [ { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_embedded_7000", vendor: "amd", versions: [ { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_embedded_5000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_embedded_5000", vendor: "amd", versions: [ { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_embedded_v1000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_embedded_v1000", vendor: "amd", versions: [ { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_embedded_v3000", vendor: "amd", versions: [ { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_embedded_v2000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_embedded_v2000", vendor: "amd", versions: [ { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_7040_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_7040_series_mobile_processors_with_radeon_graphics", vendor: "amd", versions: [ { lessThan: "phoenixpi-fp8-fp7.1.1.0.3", status: "unaffected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_5000_series_desktop_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_5000_series_desktop_processors", vendor: "amd", versions: [ { lessThan: "comboam4v2pi.1.2.0.cb", status: "unaffected", version: "0", versionType: "custom", }, { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_5000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_5000_series_desktop_processors_with_radeon_graphics", vendor: "amd", versions: [ { lessThan: "comboam4v2pi.1.2.0.cb", status: "unaffected", version: "0", versionType: "custom", }, { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_7000_desktop_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_7000_desktop_processors", vendor: "amd", versions: [ { lessThan: "comboam5pi.1.2.0.1", status: "affected", version: "0", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_4000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_4000_series_desktop_processors_with_radeon_graphics", vendor: "amd", versions: [ { lessThan: "comboam4v2pi.1.2.0.cb", status: "affected", version: "0", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_threadripper_3000_series_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_threadripper_3000_series_processors", vendor: "amd", versions: [ { lessThan: "castlepeakpl-sp3r3.1.0.0.b", status: "affected", version: "0", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_threadripper_pro_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_threadripper_pro_processors", vendor: "amd", versions: [ { lessThan: "chagallwspi-swrx8.1.0.0.8", status: "affected", version: "various", versionType: "python", }, { lessThan: "castlepeakwspi-swrx8.1.0.0.8", status: "affected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_threadripper_pro_3000wx_series_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_threadripper_pro_3000wx_series_processors", vendor: "amd", versions: [ { lessThan: "chagallwspi-swrx8.1.0.0.8", status: "affected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:athlon_3000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "athlon_3000_series_mobile_processors_with_radeon_graphics", vendor: "amd", versions: [ { lessThan: "picasso-fp5.1.0.1.2", status: "affected", version: "various", versionType: "python", }, { lessThan: "pollockpi-ft5.1.0.0.8", status: "affected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_3000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_3000_series_desktop_processors_with_radeon_graphics", vendor: "amd", versions: [ { lessThan: "picasso-fp5.1.0.1.2", status: "affected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_4000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_4000_series_mobile_processors_with_radeon_graphics", vendor: "amd", versions: [ { lessThan: "renoirpi-fp6.1.0.0.e", status: "unaffected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_5000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_5000_series_mobile_processors_with_radeon_graphics", vendor: "amd", versions: [ { lessThan: "cezannepi-fp6.1.0.1.1", status: "unaffected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_7030_series-mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_7030_series-mobile_processors_with_radeon_graphics", vendor: "amd", versions: [ { lessThan: "cezannepi-fp6", status: "affected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_7045_series_mobile_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_7045_series_mobile_processors", vendor: "amd", versions: [ { lessThan: "dragonrangefl1.1.0.0.3e", status: "unaffected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_6000_processors_with_radeongraphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_6000_processors_with_radeongraphics", vendor: "amd", versions: [ { lessThan: "remembrandtpi-fp7.1.0.0.b", status: "unaffected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_7020_processors_with_radeongraphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_7020_processors_with_radeongraphics", vendor: "amd", versions: [ { lessThan: "mendocinopi-ft6.1.0.0.7", status: "affected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_7035_processors_with_radeongraphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_7035_processors_with_radeongraphics", vendor: "amd", versions: [ { lessThan: "remembrandtpi-fp7.1.0.0.b", status: "unaffected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_8000_series_processors_with_radeongraphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_8000_series_processors_with_radeongraphics", vendor: "amd", versions: [ { lessThan: "comboam5pi.1.2.0.1", status: "unaffected", version: "various", versionType: "python", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2023-31315", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-09T17:29:59.373286Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code ('Code Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-27T14:54:02.319Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "PI", product: "3rd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { lessThan: "Milan PI 1.0.0.D", status: "affected", version: "various", versionType: "Platform Initialization", }, ], }, { defaultStatus: "affected", product: "1st Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { lessThan: "Naples PI 1.0.0.M", status: "affected", version: "various", versionType: "Platform Initialization", }, ], }, { defaultStatus: "affected", product: "2nd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { lessThan: "Rome PI 1.0.0.J", status: "affected", version: "various", versionType: "Platform Initialization", }, ], }, { defaultStatus: "affected", product: "4th Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { lessThan: "Genoa PI 1.0.0.C", status: "unaffected", version: "various", versionType: "Platform Initialization", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 3000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 7002", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 7003", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 9003", vendor: "AMD", versions: [ { lessThan: "EmbGenoaPI 1.0.0.7", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded R1000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded R2000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded 5000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded 7000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded V1000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded V2000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded V3000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 3000 Series Desktop Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Desktop Processors", vendor: "AMD", versions: [ { lessThan: "ComboAM4v2PI 1.2.0.cb", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "ComboAM4v2PI 1.2.0.cb", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7000 Series Desktop Processors", vendor: "AMD", versions: [ { lessThan: "ComboAM5PI 1.2.0.1", status: "affected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "ComboAM4v2PI 1.2.0.cb", status: "affected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Threadripper™ 3000 Series Processors", vendor: "AMD", versions: [ { lessThan: "CastlePeakPI-SP3r3 1.0.0.B", status: "affected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Threadripper™ PRO Processors", vendor: "AMD", versions: [ { lessThan: "ChagallWSPI-sWRX8 1.0.0.8", status: "affected", version: "various", versionType: "PI", }, { lessThan: "CastlePeakWSPI-sWRX8 1.0.0.D", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors", vendor: "AMD", versions: [ { lessThan: "ChagallWSPI-sWRX8 1.0.0.8", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "Picasso-FP5 1.0.1.2", status: "unaffected", version: "various", versionType: "PI", }, { lessThan: "PollockPI-FT5 1.0.0.8", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "Picasso-FP5 1.0.1.2", status: "affected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "RenoirPI-FP6 1.0.0.E", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "CezannePI-FP6 1.0.1.1", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "CezannePI-FP6", status: "affected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "PhoenixPI-FP8-FP7 1.1.0.3", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7045 Series Mobile Processors", vendor: "AMD", versions: [ { lessThan: "DragonRangeFL1 1.0.0.3e", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "RembrandtPI-FP7 1.0.0.B", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "MendocinoPI-FT6 1.0.0.7", status: "affected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "RembrandtPI-FP7 1.0.0.B", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 8000 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "ComboAM5PI 1.2.0.1", status: "unaffected", version: "various", versionType: "PI", }, ], }, ], datePublic: "2024-08-09T12:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.</span>", }, ], value: "Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-13T15:37:24.501Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html", }, ], source: { advisory: "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2023-31315", datePublished: "2024-08-09T17:08:24.237Z", dateReserved: "2023-04-27T15:25:41.423Z", dateUpdated: "2024-09-12T12:56:32.250Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-26406
Vulnerability from cvelistv5
Published
2023-05-09 18:59
Modified
2025-01-28 15:44
Severity ?
EPSS score ?
Summary
Insufficient validation in parsing Owner's
Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization)
and SEV-ES user application can lead to a host crash potentially resulting in
denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 | vendor-advisory | |
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | Ryzen™ 2000 series Desktop Processors “Raven Ridge” AM4 |
Version: various |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:26:25.475Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2021-26406", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T15:44:02.335365Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-28T15:44:16.511Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "Ryzen™ 2000 series Desktop Processors “Raven Ridge” AM4", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "Ryzen™ 2000 Series Desktop Processors “Pinnacle Ridge”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "Ryzen™ 3000 Series Desktop Processors “Matisse” AM4", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "2nd Gen AMD Ryzen™ Threadripper™ Processors “Colfax”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULP", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "Ryzen™ 2000 Series Mobile Processors “Raven Ridge” FP5", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "1st Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "2nd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, ], datePublic: "2023-05-09T16:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Insufficient validation in parsing Owner's\nCertificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization)\nand SEV-ES user application can lead to a host crash potentially resulting in\ndenial of service.\n\n\n\n<br>", }, ], value: "Insufficient validation in parsing Owner's\nCertificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization)\nand SEV-ES user application can lead to a host crash potentially resulting in\ndenial of service.\n\n\n\n\n", }, ], providerMetadata: { dateUpdated: "2023-05-09T18:59:29.119Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001", }, { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001", }, ], source: { advisory: "AMD-SB-4001, AMD-SB-3001", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2021-26406", datePublished: "2023-05-09T18:59:29.119Z", dateReserved: "2021-01-29T21:24:26.170Z", dateUpdated: "2025-01-28T15:44:16.511Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-46774
Vulnerability from cvelistv5
Published
2023-11-14 18:52
Modified
2024-10-11 18:07
Severity ?
EPSS score ?
Summary
Insufficient DRAM address validation in System
Management Unit (SMU) may allow an attacker to read/write from/to an invalid
DRAM address, potentially resulting in denial-of-service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 | vendor-advisory | |
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 | vendor-advisory | |
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | Ryzen™ 3000 series Desktop Processors “Matisse" |
Version: various |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T05:17:42.622Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-46774", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-11T17:51:52.542045Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-11T18:07:59.642Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 3000 series Desktop Processors “Matisse\"", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 5000 Series Desktop Processors “Vermeer”", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "1st Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "2nd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "3rd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "4th Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 3000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 7002", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 7003", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD Ryzen™ Embedded 5000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 7002", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 3000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 7003", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, ], datePublic: "2023-11-14T17:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Insufficient DRAM address validation in System\nManagement Unit (SMU) may allow an attacker to read/write from/to an invalid\nDRAM address, potentially resulting in denial-of-service.\n\n\n\n\n\n\n\n\n\n\n\n<br>", }, ], value: "Insufficient DRAM address validation in System\nManagement Unit (SMU) may allow an attacker to read/write from/to an invalid\nDRAM address, potentially resulting in denial-of-service.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-18T18:31:43.449Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", }, { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], source: { advisory: "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2021-46774", datePublished: "2023-11-14T18:52:11.012Z", dateReserved: "2022-03-31T16:50:27.874Z", dateUpdated: "2024-10-11T18:07:59.642Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-26371
Vulnerability from cvelistv5
Published
2023-05-09 18:59
Modified
2025-01-28 15:46
Severity ?
EPSS score ?
Summary
A compromised or malicious ABL or UApp could
send a SHA256 system call to the bootloader, which may result in exposure of
ASP memory to userspace, potentially leading to information disclosure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 | vendor-advisory | |
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | Ryzen™ 2000 series Desktop Processors “Raven Ridge” AM4 |
Version: various |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:26:25.196Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2021-26371", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T15:45:57.811621Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-28T15:46:02.389Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "Ryzen™ 2000 series Desktop Processors “Raven Ridge” AM4", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "Ryzen™ 3000 Series Desktop Processors “Matisse” AM4", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "Ryzen™ Threadripper™ PRO Processors “Chagall” WS", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULP", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "Ryzen™ 2000 Series Mobile Processors “Raven Ridge” FP5", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "1st Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "2nd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "AGESA", platforms: [ "x86", ], product: "3rd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, ], datePublic: "2023-05-09T16:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A compromised or malicious ABL or UApp could\nsend a SHA256 system call to the bootloader, which may result in exposure of\nASP memory to userspace, potentially leading to information disclosure.\n\n\n\n\n\n\n\n<br>", }, ], value: "A compromised or malicious ABL or UApp could\nsend a SHA256 system call to the bootloader, which may result in exposure of\nASP memory to userspace, potentially leading to information disclosure.\n\n\n\n\n\n\n\n\n", }, ], providerMetadata: { dateUpdated: "2023-05-09T18:59:16.122Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001", }, { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001", }, ], source: { advisory: "AMD-SB-4001, AMD-SB-3001", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2021-26371", datePublished: "2023-05-09T18:59:16.122Z", dateReserved: "2021-01-29T21:24:26.152Z", dateUpdated: "2025-01-28T15:46:02.389Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }