All the vulnerabilites related to AMD - 2nd Gen AMD Ryzen™ Threadripper™ Processors “Colfax”
cve-2021-26406
Vulnerability from cvelistv5
Published
2023-05-09 18:59
Modified
2024-08-03 20:26
Severity ?
EPSS score ?
Summary
Insufficient validation in parsing Owner's
Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization)
and SEV-ES user application can lead to a host crash potentially resulting in
denial of service.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 | vendor-advisory | |
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001 | vendor-advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:25.475Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 2000 series Desktop Processors \u201cRaven Ridge\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 2000 Series Desktop Processors \u201cPinnacle Ridge\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cColfax\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d ULP", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cPollock\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 2000 Series Mobile Processors \u201cRaven Ridge\u201d FP5", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Mobile processor, 2nd Gen AMD Ryzen\u2122 Mobile Processors with Radeon\u2122 Graphics \u201cPicasso\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "1st Gen AMD EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "2nd Gen AMD EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] } ], "datePublic": "2023-05-09T16:30:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Insufficient validation in parsing Owner\u0027s\nCertificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization)\nand SEV-ES user application can lead to a host crash potentially resulting in\ndenial of service.\n\n\n\n\u003cbr\u003e" } ], "value": "Insufficient validation in parsing Owner\u0027s\nCertificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization)\nand SEV-ES user application can lead to a host crash potentially resulting in\ndenial of service.\n\n\n\n\n" } ], "providerMetadata": { "dateUpdated": "2023-05-09T18:59:29.119Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001" }, { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001" } ], "source": { "advisory": "AMD-SB-4001, AMD-SB-3001", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26406", "datePublished": "2023-05-09T18:59:29.119Z", "dateReserved": "2021-01-29T21:24:26.170Z", "dateUpdated": "2024-08-03T20:26:25.475Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26354
Vulnerability from cvelistv5
Published
2023-05-09 18:58
Modified
2024-08-03 20:26
Severity ?
EPSS score ?
Summary
Insufficient bounds checking in ASP may allow an
attacker to issue a system call from a compromised ABL which may cause
arbitrary memory values to be initialized to zero, potentially leading to a
loss of integrity.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 | vendor-advisory | |
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001 | vendor-advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:25.140Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 2000 series Desktop Processors \u201cRaven Ridge\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 2000 Series Desktop Processors \u201cPinnacle Ridge\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics \u201cCezanne\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "Various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cColfax\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cChagall\u201d WS", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d ULP", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cPollock\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 2000 Series Mobile Processors \u201cRaven Ridge\u201d FP5", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Mobile processor, 2nd Gen AMD Ryzen\u2122 Mobile Processors with Radeon\u2122 Graphics \u201cPicasso\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Mobile processors with Radeon\u2122 Graphics \u201cCezanne\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "2nd Gen AMD EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "3rd Gen AMD EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] } ], "datePublic": "2023-05-09T16:30:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Insufficient bounds checking in ASP may allow an\nattacker to issue a system call from a compromised ABL which may cause\narbitrary memory values to be initialized to zero, potentially leading to a\nloss of integrity.\n\n\n\n\u003cbr\u003e" } ], "value": "Insufficient bounds checking in ASP may allow an\nattacker to issue a system call from a compromised ABL which may cause\narbitrary memory values to be initialized to zero, potentially leading to a\nloss of integrity.\n\n\n\n\n" } ], "providerMetadata": { "dateUpdated": "2023-05-09T18:58:37.664Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001" }, { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001" } ], "source": { "advisory": "AMD-SB-4001, AMD-SB-3001", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26354", "datePublished": "2023-05-09T18:58:37.664Z", "dateReserved": "2021-01-29T21:24:26.148Z", "dateUpdated": "2024-08-03T20:26:25.140Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-46756
Vulnerability from cvelistv5
Published
2023-05-09 19:00
Modified
2024-08-04 05:17
Severity ?
EPSS score ?
Summary
Insufficient validation of inputs in
SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an
attacker with a malicious Uapp or ABL to send malformed or invalid syscall to
the bootloader resulting in a potential denial of service and loss of
integrity.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 | vendor-advisory | |
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001 | vendor-advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:17:42.446Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 2000 series Desktop Processors \u201cRaven Ridge\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 2000 Series Desktop Processors \u201cPinnacle Ridge\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics \u201cCezanne\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "Various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cColfax\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d ULP", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cPollock\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 2000 Series Mobile Processors \u201cRaven Ridge\u201d FP5", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Mobile processor, 2nd Gen AMD Ryzen\u2122 Mobile Processors with Radeon\u2122 Graphics \u201cPicasso\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Mobile processors with Radeon\u2122 Graphics \u201cCezanne\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "1st Gen AMD EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "2nd Gen AMD EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "3rd Gen AMD EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] } ], "datePublic": "2023-05-09T16:30:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Insufficient validation of inputs in\nSVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an\nattacker with a malicious Uapp or ABL to send malformed or invalid syscall to\nthe bootloader resulting in a potential denial of service and loss of\nintegrity.\n\n\n\n\n\n\n\n\u003cbr\u003e" } ], "value": "Insufficient validation of inputs in\nSVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an\nattacker with a malicious Uapp or ABL to send malformed or invalid syscall to\nthe bootloader resulting in a potential denial of service and loss of\nintegrity.\n\n\n\n\n\n\n\n\n" } ], "providerMetadata": { "dateUpdated": "2023-05-09T19:00:35.599Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001" }, { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001" } ], "source": { "advisory": "AMD-SB-4001, AMD-SB-3001", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-46756", "datePublished": "2023-05-09T19:00:35.599Z", "dateReserved": "2022-03-31T16:50:27.868Z", "dateUpdated": "2024-08-04T05:17:42.446Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }