Vulnerabilites related to AMD - AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
cve-2021-26344
Vulnerability from cvelistv5
Published
2024-08-13 16:49
Modified
2025-03-18 15:35
Severity ?
EPSS score ?
Summary
An out of bounds memory write when processing the AMD
PSP1 Configuration Block (APCB) could allow an attacker with access the ability
to modify the BIOS image, and the ability to sign the resulting image, to
potentially modify the APCB block resulting in arbitrary code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html | vendor-advisory |
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:h:amd:naplespi:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "naplespi", vendor: "amd", versions: [ { lessThan: "1.0.0.k", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:amd:romepi:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "romepi", vendor: "amd", versions: [ { lessThan: "1.0.0.C", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:amd:milanpi:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "milanpi", vendor: "amd", versions: [ { lessThan: "1.0.0.5", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2021-26344", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-13T18:29:11.333464Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-18T15:35:45.232Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "AMD EPYC™ 7001 Series Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ 7002 Series Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "RomePI 1.0.0.C", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ 7003 Series Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "MilanPI 1.0.0.5", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 3000 Series Desktop Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Desktop Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "ComboAM4V2 1.2.0.A", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "ComboAM4V2 1.2.0.A", }, ], }, { defaultStatus: "affected", product: "AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Threadripper™ 3000 Series Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Threadripper™ PRO 5000WX Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "ChagallWSPI-sWRX8 1.0.0.6", }, ], }, { defaultStatus: "affected", product: "AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "CezannePI-FP6 1.0.0.E", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "MendocinoPI-FT6 1.0.0.3", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "RembrandtPI-FP7 1.0.0.7", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "RembrandtPI-FP7 1.0.0.7", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "CezannePI-FP6 1.0.0.E", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "CezannePI-FP6 1.0.0.E", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 7002 Series Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "EmbRomePI-SP3 1.0.0.6", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 3000 Series Processors", vendor: "AMD", versions: [ { status: "affected", version: "Various", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 7003 Series Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "EmbMilanPI-SP3 1.0.0.2", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded R1000 Series Processors", vendor: "AMD", versions: [ { status: "affected", version: "v", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded R2000 Series Processors", vendor: "AMD", versions: [ { status: "affected", version: "v", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded 5000 Series Processors", vendor: "AMD", versions: [ { status: "affected", version: "v", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded V1000 Series Processors", vendor: "AMD", versions: [ { status: "affected", version: "v", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded V2000 Series Processors", vendor: "AMD", versions: [ { status: "affected", version: "v", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded V3000 Series Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "EmbeddedPI-FP7r2 1.0.0.4", }, ], }, ], datePublic: "2024-08-13T16:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">An out of bounds memory write when processing the AMD\nPSP1 Configuration Block (APCB) could allow an attacker with access the ability\nto modify the BIOS image, and the ability to sign the resulting image, to\npotentially modify the APCB block resulting in arbitrary code execution.\n\n\n\n<div><div><div>\n\n</div>\n\n</div>\n\n</div>\n\n\n\n\n\n</span>", }, ], value: "An out of bounds memory write when processing the AMD\nPSP1 Configuration Block (APCB) could allow an attacker with access the ability\nto modify the BIOS image, and the ability to sign the resulting image, to\npotentially modify the APCB block resulting in arbitrary code execution.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-13T16:49:52.889Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html", }, ], source: { advisory: "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2021-26344", datePublished: "2024-08-13T16:49:52.889Z", dateReserved: "2021-01-29T21:24:26.145Z", dateUpdated: "2025-03-18T15:35:45.232Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23829
Vulnerability from cvelistv5
Published
2024-06-18 19:01
Modified
2024-08-29 20:40
Severity ?
EPSS score ?
Summary
A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | AMD Ryzen™ Threadripper™ PRO Processors 5900 WX-Series |
Version: various |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:51:46.075Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1041.html", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:amd:ryzen_threadripper_pro_5945wx:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_threadripper_pro_5955wx:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_threadripper_pro_5965wx:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_threadripper_pro_5975wx:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_threadripper_pro_5995wx:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_threadripper_pro_5995wx", vendor: "amd", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:amd:ryzen_6600h:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6600hs:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6600u:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6800h:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6800hs:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6800u:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6900hs:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6900hx:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6980hs:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6980hx:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_6980hx", vendor: "amd", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2022-23829", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-05T17:32:15.481387Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-29T20:40:26.171Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "AMD Ryzen™ Threadripper™ PRO Processors 5900 WX-Series", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 6000 Series Mobile Processors and Workstations", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7000 Series Desktop Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Mobile Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Desktop Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 3000 Series Desktop Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 4000 Series Mobile Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 3000 Series Mobile Processor / 2nd Gen AMD Ryzen™ Mobile Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Threadripper™ PRO Processor", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "1st Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "2nd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "3rd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 3000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD EPYC (TM) Embedded 7002", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 7003", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD RyzenTM Embedded R1000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD RyzenTM Embedded R2000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD RyzenTM Embedded 5000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD RyzenTM Embedded V1000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD RyzenTM Embedded V2000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD RyzenTM Embedded V3000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, ], datePublic: "2024-06-11T18:54:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(255, 255, 255);\">A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.</span>\n\n", }, ], value: "A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-18T19:01:57.007Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1041.html", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2022-23829", datePublished: "2024-06-18T19:01:24.315Z", dateReserved: "2022-01-21T17:20:55.781Z", dateUpdated: "2024-08-29T20:40:26.171Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-31342
Vulnerability from cvelistv5
Published
2025-02-11 22:24
Modified
2025-02-12 15:35
Severity ?
EPSS score ?
Summary
Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | AMD EPYC™ 7003 Processors | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-31342", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-12T15:35:29.149040Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-12T15:35:57.126Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "AMD EPYC™ 7003 Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "MilanPI 1.0.0.C", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ 9004 Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "GenoaPI 1.0.0.B", }, ], }, { defaultStatus: "affected", product: "AMD Instinct™ MI300A", vendor: "AMD", versions: [ { status: "unaffected", version: "MI300API 1.0.0.5", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 3000 Series Desktop Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "ComboAM4v2PI 1.2.0.C", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Desktop Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "ComboAM4v2PI 1.2.0.C", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "ComboAM4v2PI 1.2.0.C", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7000 Series Desktop Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "ComboAM5 1.1.0.2", }, ], }, { defaultStatus: "affected", product: "AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "ComboAM4v2PI 1.2.0.C", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "ComboAM4v2PI 1.2.0.C", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "ComboAM5 1.1.0.2", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "ChagallWSPI-sWRX8 1.0.0.7", }, ], }, { defaultStatus: "affected", product: "AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "Pollock-FT5 1.0.0.7", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "Picasso-FP5 1.0.1.1", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "RenoirPI-FP6 1.0.0.D", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "Cezanne-FP6 1.0.1.0", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "MendocinoPI-FT6 1.0.0.6", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "Rembrandt-FP7 1.0.0.A", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "Rembrandt-FP7 1.0.0.A", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "PhoenixPI-FP8-FP7 1.1.0.2", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7000 Series Mobile Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "DragonRangeFL1PI 1.0.0.3C", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 7003", vendor: "AMD", versions: [ { status: "unaffected", version: "EmbMilanPI-SP3 1.0.0.8", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 9004", vendor: "AMD", versions: [ { status: "unaffected", version: "EmbGenoaPI-SP5 1.0.0.6", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded R1000", vendor: "AMD", versions: [ { status: "unaffected", version: "EmbeddedPI-FP5 1.2.0.C", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded R2000", vendor: "AMD", versions: [ { status: "unaffected", version: "EmbeddedR2KPI-FP5 1.0.0.3", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded 5000", vendor: "AMD", versions: [ { status: "unaffected", version: "EmbAM4PI 1.0.0.5", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded 7000", vendor: "AMD", versions: [ { status: "unaffected", version: "EmbeddedAM5PI 1.0.0.1", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded V2000", vendor: "AMD", versions: [ { status: "unaffected", version: "EmbeddedPI-FP6 1.0.0.9", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded V3000", vendor: "AMD", versions: [ { status: "unaffected", version: "Embedded-PI FP7r2 1.0.0.9", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.", }, ], value: "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-11T22:24:02.153Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html", }, { url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html", }, { url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2023-31342", datePublished: "2025-02-11T22:24:02.153Z", dateReserved: "2023-04-27T15:25:41.425Z", dateUpdated: "2025-02-12T15:35:57.126Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20515
Vulnerability from cvelistv5
Published
2025-02-11 21:16
Modified
2025-02-12 15:35
Severity ?
EPSS score ?
Summary
Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integrity, confidentiality, or availability.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | AMD Ryzen™ 3000 Series Desktop Processors | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-20515", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-12T14:03:56.637259Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-12T15:35:01.957Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "AMD Ryzen™ 3000 Series Desktop Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "ComboAM4v2PI 1.2.0.CA", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Desktop Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "ComboAM4v2PI 1.2.0.CA", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "ComboAM4v2PI 1.2.0.CA", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7000 Series Desktop Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "ComboAM5 1.0.8.0", }, ], }, { defaultStatus: "affected", product: "AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "ComboAM4v2PI 1.2.0.CA", }, { status: "unaffected", version: "ComboAM4PI 1.0.0.B", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "ComboAM4v2PI 1.2.0.CA", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "ComboAM5 1.0.8.0", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Threadripper™ 3000 Series Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "CastlePeakPI-SP3r3 1.0.0.C", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "CastlePeakWSPI-sWRX8 1.0.0.E", }, { status: "unaffected", version: "ChagallWSPI-sWRX8 1.0.0.9", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "ChagallWSPI-sWRX8 1.0.0.7", }, ], }, { defaultStatus: "affected", product: "AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "Pollock-FT5 1.0.0.7", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "Picasso-FP5 1.0.1.1", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "RenoirPI-FP6 1.0.0.D", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "Cezanne-FP6 1.0.1.0", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "MendocinoPI-FT6 1.0.0.6", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "RembrandtPI-FP7 1.0.0.9b", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "RembrandtPI-FP7 1.0.0.9b", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "PhoenixPI-FP8-FP7 1.0.8.0", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7000 Series Mobile Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "DragonRangeFL1PI 1.0.0.3b", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded R1000", vendor: "AMD", versions: [ { status: "unaffected", version: "EmbeddedPI-FP5 1.2.0.C", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded R2000", vendor: "AMD", versions: [ { status: "unaffected", version: "EmbeddedR2KPI-FP5 1.0.0.3", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded 5000", vendor: "AMD", versions: [ { status: "unaffected", version: "EmbAM4PI 1.0.0.5", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded 7000", vendor: "AMD", versions: [ { status: "unaffected", version: "EmbeddedAM5PI 1.0.0.0", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded V2000", vendor: "AMD", versions: [ { status: "unaffected", version: "EmbeddedPI-FP6 1.0.0.9", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded V1000", vendor: "AMD", versions: [ { status: "affected", version: "No Fix Planned", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded V3000", vendor: "AMD", versions: [ { status: "unaffected", version: "Embedded-PIFP7r2 1.0.0.8", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integrity, confidentiality, or availability.", }, ], value: "Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integrity, confidentiality, or availability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1284", description: "CWE-1284 Improper Validation of Specified Quantity in Input", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-11T21:16:29.016Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html", }, { url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2023-20515", datePublished: "2025-02-11T21:16:29.016Z", dateReserved: "2022-10-27T18:53:39.736Z", dateUpdated: "2025-02-12T15:35:01.957Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-31345
Vulnerability from cvelistv5
Published
2025-02-11 23:49
Modified
2025-02-12 15:33
Severity ?
EPSS score ?
Summary
Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | AMD EPYC™ 7003 Processors |
Version: MilanPI 1.0.0.C |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-31345", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-12T15:32:58.953979Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-12T15:33:04.071Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "AMD EPYC™ 7003 Processors", vendor: "AMD", versions: [ { status: "affected", version: "MilanPI 1.0.0.C", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ 9004 Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "GenoaPI 1.0.0.B", }, ], }, { defaultStatus: "affected", product: "AMD Instinct™ MI300A", vendor: "AMD", versions: [ { status: "unaffected", version: "MI300API 1.0.0.5", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 3000 Series Desktop Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "ComboAM4v2PI 1.2.0.C", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Desktop Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "ComboAM4v2PI 1.2.0.C", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "ComboAM4v2PI 1.2.0.C", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7000 Series Desktop Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "ComboAM5 1.1.0.2", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "ComboAM4v2PI 1.2.0.C", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "ComboAM5 1.1.0.2", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "ChagallWSPI-sWRX8 1.0.0.7", }, ], }, { defaultStatus: "affected", product: "AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "\"Pollock-FT5 1.0.0.7\"", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "\"Picasso-FP5 1.0.1.1\"", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "\"RenoirPI-FP6 1.0.0.D\"", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "\"Cezanne-FP6 1.0.1.0\"", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "\"MendocinoPI-FT6 1.0.0.6\"", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "\"Rembrandt-FP7 1.0.0.A\"", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "\"Rembrandt-FP7 1.0.0.A\"", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "\"PhoenixPI-FP8-FP7 1.1.0.2\"", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7000 Series Mobile Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "\"DragonRangeFL1PI 1.0.0.3C\"", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 7003", vendor: "AMD", versions: [ { status: "unaffected", version: "\"EmbMilanPI-SP3 1.0.0.8\"", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 9004", vendor: "AMD", versions: [ { status: "unaffected", version: "EmbGenoaPI-SP5 1.0.0.6", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded 5000", vendor: "AMD", versions: [ { status: "unaffected", version: "\"EmbAM4PI 1.0.0.5\"", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded 7000", vendor: "AMD", versions: [ { status: "unaffected", version: "EmbeddedAM5PI 1.0.0.1", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded V2000", vendor: "AMD", versions: [ { status: "unaffected", version: "\"EmbeddedPI-FP6 1.0.0.9\"", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded V3000", vendor: "AMD", versions: [ { status: "unaffected", version: "\"Embedded-PI FP7r2 1.0.0.9\"", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.", }, ], value: "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-11T23:49:05.388Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html", }, { url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html", }, { url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2023-31345", datePublished: "2025-02-11T23:49:05.388Z", dateReserved: "2023-04-27T15:25:41.427Z", dateUpdated: "2025-02-12T15:33:04.071Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21971
Vulnerability from cvelistv5
Published
2025-02-12 00:01
Modified
2025-02-12 15:32
Severity ?
EPSS score ?
Summary
Improper input validation in AMD Crash Defender could allow an attacker to provide the Windows® system process ID to a kernel-mode driver, resulting in an operating system crash, potentially leading to denial of service.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | AMD Ryzen™ 5000 Series Desktop Processors | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21971", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-12T15:32:03.493834Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-12T15:32:39.200Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Desktop Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (24.10.20)", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7000 Series Desktop Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)", }, ], }, { defaultStatus: "affected", product: "AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "affected", version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)", }, ], }, { defaultStatus: "affected", product: "AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7030 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7045 Series Mobile Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)", }, ], }, { defaultStatus: "affected", product: "AMD Radeon™ RX 5000 Series Graphics Products", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)", }, ], }, { defaultStatus: "affected", product: "AMD Radeon™ PRO W5000 Series Graphics Products", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)", }, ], }, { defaultStatus: "affected", product: "AMD Radeon™ RX 7000 Series Graphics Products", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)", }, ], }, { defaultStatus: "affected", product: "AMD Radeon™ PRO W7000 Series Graphics Products", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)", }, ], }, { defaultStatus: "affected", product: "AMD Radeon™ VII", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (23.19.16)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)", }, ], }, { defaultStatus: "affected", product: "AMD Radeon™ PRO VII", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (23.19.16)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)", }, ], }, { defaultStatus: "unknown", product: "AMD Radeon™ Instinct™ MI25", vendor: "AMD", versions: [ { status: "unknown", version: "Contact your AMD Customer Engineering representative", }, ], }, { defaultStatus: "unknown", product: "AMD Radeon™ PRO V520", vendor: "AMD", versions: [ { status: "unknown", version: "Contact your AMD Customer Engineering representative", }, ], }, { defaultStatus: "unknown", product: "AMD Radeon™ PRO V620", vendor: "AMD", versions: [ { status: "unknown", version: "Contact your AMD Customer Engineering representative", }, ], }, { defaultStatus: "unknown", product: "AMD Radeon™ PRO V710", vendor: "AMD", versions: [ { status: "unknown", version: "Contact your AMD Customer Engineering representative", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded R1000", vendor: "AMD", versions: [ { status: "unaffected", version: "24.10.21.01", }, { status: "unaffected", version: "23.19.16", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded R2000", vendor: "AMD", versions: [ { status: "unaffected", version: "24.10.21.01", }, { status: "unaffected", version: "23.19.16", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded 7000", vendor: "AMD", versions: [ { status: "unaffected", version: "24.10.21.01", }, { status: "unaffected", version: "23.19.16", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded V1000", vendor: "AMD", versions: [ { status: "unaffected", version: "24.10.21.01", }, { status: "unaffected", version: "23.19.16", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded V2000", vendor: "AMD", versions: [ { status: "unaffected", version: "24.10.21.01", }, { status: "unaffected", version: "23.19.16", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded V3000", vendor: "AMD", versions: [ { status: "unaffected", version: "24.10.21.01", }, { status: "unaffected", version: "23.19.16", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper input validation in AMD Crash Defender could allow an attacker to provide the Windows® system process ID to a kernel-mode driver, resulting in an operating system crash, potentially leading to denial of service.", }, ], value: "Improper input validation in AMD Crash Defender could allow an attacker to provide the Windows® system process ID to a kernel-mode driver, resulting in an operating system crash, potentially leading to denial of service.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-12T00:05:50.860Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6008.html", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2024-21971", datePublished: "2025-02-12T00:01:00.419Z", dateReserved: "2024-01-03T16:43:28.699Z", dateUpdated: "2025-02-12T15:32:39.200Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-31315
Vulnerability from cvelistv5
Published
2024-08-09 17:08
Modified
2024-09-12 12:56
Severity ?
EPSS score ?
Summary
Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | 3rd Gen AMD EPYC™ Processors |
Version: various |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-09-12T12:56:32.250Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://www.darkreading.com/remote-workforce/amd-issues-updates-for-silicon-level-sinkclose-flaw", }, { url: "https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Enrique%20Nissim%20Krzysztof%20Okupski%20-%20AMD%20Sinkclose%20Universal%20Ring-2%20Privilege%20Escalation.pdf", }, { url: "https://news.ycombinator.com/item?id=41475975", }, ], title: "CVE Program Container", x_generator: { engine: "ADPogram 0.0.1", }, }, { affected: [ { cpes: [ "cpe:2.3:h:amd:1st_gen_amd_epyc_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "1st_gen_amd_epyc_processors", vendor: "amd", versions: [ { lessThan: "naples.pi.1.0.0.m", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:amd:3rd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "3rd_gen_amd_epyc_processors", vendor: "amd", versions: [ { lessThan: "milan.pi.1.0.0.d", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:amd:2nd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "2nd_gen_amd_epyc_processors", vendor: "amd", versions: [ { lessThan: "rome.pi.1.0.0.j", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_3000_series_desktop_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_3000_series_desktop_processors", vendor: "amd", versions: [ { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:h:amd:4th_gen_amd_epyc_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "4th_gen_amd_epyc_processors", vendor: "amd", versions: [ { lessThan: "genoa_pi_1.0.0.c", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "epyc_embedded_3000", vendor: "amd", versions: [ { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "epyc_embedded_7002", vendor: "amd", versions: [ { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "epyc_embedded_7003", vendor: "amd", versions: [ { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "epyc_embedded_9003", vendor: "amd", versions: [ { lessThan: "emgenoa.pi.1.0.0.7", status: "unaffected", version: "0", versionType: "custom", }, { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_embedded_r1000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_embedded_r1000", vendor: "amd", versions: [ { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_embedded_r2000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_embedded_r2000", vendor: "amd", versions: [ { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_embedded_7000", vendor: "amd", versions: [ { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_embedded_5000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_embedded_5000", vendor: "amd", versions: [ { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_embedded_v1000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_embedded_v1000", vendor: "amd", versions: [ { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_embedded_v3000", vendor: "amd", versions: [ { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_embedded_v2000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_embedded_v2000", vendor: "amd", versions: [ { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_7040_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_7040_series_mobile_processors_with_radeon_graphics", vendor: "amd", versions: [ { lessThan: "phoenixpi-fp8-fp7.1.1.0.3", status: "unaffected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_5000_series_desktop_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_5000_series_desktop_processors", vendor: "amd", versions: [ { lessThan: "comboam4v2pi.1.2.0.cb", status: "unaffected", version: "0", versionType: "custom", }, { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_5000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_5000_series_desktop_processors_with_radeon_graphics", vendor: "amd", versions: [ { lessThan: "comboam4v2pi.1.2.0.cb", status: "unaffected", version: "0", versionType: "custom", }, { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_7000_desktop_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_7000_desktop_processors", vendor: "amd", versions: [ { lessThan: "comboam5pi.1.2.0.1", status: "affected", version: "0", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_4000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_4000_series_desktop_processors_with_radeon_graphics", vendor: "amd", versions: [ { lessThan: "comboam4v2pi.1.2.0.cb", status: "affected", version: "0", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_threadripper_3000_series_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_threadripper_3000_series_processors", vendor: "amd", versions: [ { lessThan: "castlepeakpl-sp3r3.1.0.0.b", status: "affected", version: "0", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_threadripper_pro_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_threadripper_pro_processors", vendor: "amd", versions: [ { lessThan: "chagallwspi-swrx8.1.0.0.8", status: "affected", version: "various", versionType: "python", }, { lessThan: "castlepeakwspi-swrx8.1.0.0.8", status: "affected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_threadripper_pro_3000wx_series_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_threadripper_pro_3000wx_series_processors", vendor: "amd", versions: [ { lessThan: "chagallwspi-swrx8.1.0.0.8", status: "affected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:athlon_3000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "athlon_3000_series_mobile_processors_with_radeon_graphics", vendor: "amd", versions: [ { lessThan: "picasso-fp5.1.0.1.2", status: "affected", version: "various", versionType: "python", }, { lessThan: "pollockpi-ft5.1.0.0.8", status: "affected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_3000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_3000_series_desktop_processors_with_radeon_graphics", vendor: "amd", versions: [ { lessThan: "picasso-fp5.1.0.1.2", status: "affected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_4000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_4000_series_mobile_processors_with_radeon_graphics", vendor: "amd", versions: [ { lessThan: "renoirpi-fp6.1.0.0.e", status: "unaffected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_5000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_5000_series_mobile_processors_with_radeon_graphics", vendor: "amd", versions: [ { lessThan: "cezannepi-fp6.1.0.1.1", status: "unaffected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_7030_series-mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_7030_series-mobile_processors_with_radeon_graphics", vendor: "amd", versions: [ { lessThan: "cezannepi-fp6", status: "affected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_7045_series_mobile_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_7045_series_mobile_processors", vendor: "amd", versions: [ { lessThan: "dragonrangefl1.1.0.0.3e", status: "unaffected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_6000_processors_with_radeongraphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_6000_processors_with_radeongraphics", vendor: "amd", versions: [ { lessThan: "remembrandtpi-fp7.1.0.0.b", status: "unaffected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_7020_processors_with_radeongraphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_7020_processors_with_radeongraphics", vendor: "amd", versions: [ { lessThan: "mendocinopi-ft6.1.0.0.7", status: "affected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_7035_processors_with_radeongraphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_7035_processors_with_radeongraphics", vendor: "amd", versions: [ { lessThan: "remembrandtpi-fp7.1.0.0.b", status: "unaffected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_8000_series_processors_with_radeongraphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_8000_series_processors_with_radeongraphics", vendor: "amd", versions: [ { lessThan: "comboam5pi.1.2.0.1", status: "unaffected", version: "various", versionType: "python", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2023-31315", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-09T17:29:59.373286Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code ('Code Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-27T14:54:02.319Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "PI", product: "3rd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { lessThan: "Milan PI 1.0.0.D", status: "affected", version: "various", versionType: "Platform Initialization", }, ], }, { defaultStatus: "affected", product: "1st Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { lessThan: "Naples PI 1.0.0.M", status: "affected", version: "various", versionType: "Platform Initialization", }, ], }, { defaultStatus: "affected", product: "2nd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { lessThan: "Rome PI 1.0.0.J", status: "affected", version: "various", versionType: "Platform Initialization", }, ], }, { defaultStatus: "affected", product: "4th Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { lessThan: "Genoa PI 1.0.0.C", status: "unaffected", version: "various", versionType: "Platform Initialization", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 3000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 7002", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 7003", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 9003", vendor: "AMD", versions: [ { lessThan: "EmbGenoaPI 1.0.0.7", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded R1000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded R2000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded 5000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded 7000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded V1000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded V2000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded V3000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 3000 Series Desktop Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Desktop Processors", vendor: "AMD", versions: [ { lessThan: "ComboAM4v2PI 1.2.0.cb", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "ComboAM4v2PI 1.2.0.cb", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7000 Series Desktop Processors", vendor: "AMD", versions: [ { lessThan: "ComboAM5PI 1.2.0.1", status: "affected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "ComboAM4v2PI 1.2.0.cb", status: "affected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Threadripper™ 3000 Series Processors", vendor: "AMD", versions: [ { lessThan: "CastlePeakPI-SP3r3 1.0.0.B", status: "affected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Threadripper™ PRO Processors", vendor: "AMD", versions: [ { lessThan: "ChagallWSPI-sWRX8 1.0.0.8", status: "affected", version: "various", versionType: "PI", }, { lessThan: "CastlePeakWSPI-sWRX8 1.0.0.D", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors", vendor: "AMD", versions: [ { lessThan: "ChagallWSPI-sWRX8 1.0.0.8", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "Picasso-FP5 1.0.1.2", status: "unaffected", version: "various", versionType: "PI", }, { lessThan: "PollockPI-FT5 1.0.0.8", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "Picasso-FP5 1.0.1.2", status: "affected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "RenoirPI-FP6 1.0.0.E", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "CezannePI-FP6 1.0.1.1", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "CezannePI-FP6", status: "affected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "PhoenixPI-FP8-FP7 1.1.0.3", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7045 Series Mobile Processors", vendor: "AMD", versions: [ { lessThan: "DragonRangeFL1 1.0.0.3e", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "RembrandtPI-FP7 1.0.0.B", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "MendocinoPI-FT6 1.0.0.7", status: "affected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "RembrandtPI-FP7 1.0.0.B", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 8000 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "ComboAM5PI 1.2.0.1", status: "unaffected", version: "various", versionType: "PI", }, ], }, ], datePublic: "2024-08-09T12:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.</span>", }, ], value: "Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-13T15:37:24.501Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html", }, ], source: { advisory: "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2023-31315", datePublished: "2024-08-09T17:08:24.237Z", dateReserved: "2023-04-27T15:25:41.423Z", dateUpdated: "2024-09-12T12:56:32.250Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20508
Vulnerability from cvelistv5
Published
2025-02-11 23:34
Modified
2025-02-12 15:33
Severity ?
EPSS score ?
Summary
Improper access control in the ASP could allow a privileged attacker to perform an out-of-bounds write to a memory location not controlled by the attacker, potentially leading to loss of confidentiality, integrity, or availability.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | AMD Radeon™ RX 6000 Series Graphics Products | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-20508", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-12T15:33:25.967588Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-12T15:33:36.214Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "AMD Radeon™ RX 6000 Series Graphics Products", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (24.10.20)", }, ], }, { defaultStatus: "affected", product: "AMD Radeon™ PRO W6000 Series Graphics Products", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (24.10.20)", }, ], }, { defaultStatus: "unknown", product: "AMD Radeon™ Instinct™ MI25", vendor: "AMD", versions: [ { status: "unknown", version: "Contact your AMD Customer Engineering representative", }, ], }, { defaultStatus: "unknown", product: "AMD Radeon™ PRO V520", vendor: "AMD", versions: [ { status: "unknown", version: "Contact your AMD Customer Engineering representative", }, ], }, { defaultStatus: "unknown", product: "AMD Radeon™ PRO V620", vendor: "AMD", versions: [ { status: "unknown", version: "Contact your AMD Customer Engineering representative", }, ], }, { defaultStatus: "unknown", product: "AMD Radeon™ PRO V710", vendor: "AMD", versions: [ { status: "unknown", version: "Contact your AMD Customer Engineering representative", }, ], }, { defaultStatus: "affected", product: "AMD Instinct™ MI300A", vendor: "AMD", versions: [ { status: "unaffected", version: "MI300PI 1.0.0.5", }, ], }, { defaultStatus: "affected", product: "AMD Instinct™ MI300X", vendor: "AMD", versions: [ { status: "unaffected", version: "BKC 24.12", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (24.10.20)", }, ], }, { defaultStatus: "affected", product: "AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (24.10.20)", }, ], }, { defaultStatus: "affected", product: "AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (24.10.20)", }, ], }, { defaultStatus: "affected", product: "AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (24.10.20)", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Desktop Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (24.10.20)", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (24.10.20)", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (24.10.20)", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (24.10.20)", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (24.10.20)", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (24.10.20)", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (24.10.20)", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (24.10.20)", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (24.10.20)", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (24.10.20)", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (24.10.20)", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7030 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (24.10.20)", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (24.10.20)", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7000 Series Desktop Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (24.10.20)", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7045 Series Mobile Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)", }, { status: "unaffected", version: "AMD Software: PRO Edition 24.Q2 (24.10.20)", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper access control in the ASP could allow a privileged attacker to perform an out-of-bounds write to a memory location not controlled by the attacker, potentially leading to loss of confidentiality, integrity, or availability.", }, ], value: "Improper access control in the ASP could allow a privileged attacker to perform an out-of-bounds write to a memory location not controlled by the attacker, potentially leading to loss of confidentiality, integrity, or availability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1284", description: "CWE-1284 Improper Validation of Specified Quantity in Input", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-11T23:34:02.874Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6008.html", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2023-20508", datePublished: "2025-02-11T23:34:02.874Z", dateReserved: "2022-10-27T18:53:39.735Z", dateUpdated: "2025-02-12T15:33:36.214Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-31343
Vulnerability from cvelistv5
Published
2025-02-11 22:35
Modified
2025-02-12 15:35
Severity ?
EPSS score ?
Summary
Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | AMD EPYC™ 7003 Processors | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-31343", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-12T15:34:57.941103Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-12T15:35:05.712Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "AMD EPYC™ 7003 Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "MilanPI 1.0.0.C", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ 9004 Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "GenoaPI 1.0.0.B", }, ], }, { defaultStatus: "affected", product: "AMD Instinct™ MI300A", vendor: "AMD", versions: [ { status: "unaffected", version: "MI300API 1.0.0.5", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 3000 Series Desktop Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "ComboAM4v2PI 1.2.0.C", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Desktop Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "ComboAM4v2PI 1.2.0.C", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "ComboAM4v2PI 1.2.0.C", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7000 Series Desktop Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "ComboAM5 1.1.0.2", }, ], }, { defaultStatus: "affected", product: "AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "ComboAM4v2PI 1.2.0.C", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "ComboAM4v2PI 1.2.0.C", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "ComboAM5 1.1.0.2", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "ChagallWSPI-sWRX8 1.0.0.7", }, ], }, { defaultStatus: "affected", product: "AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "\"Pollock-FT5 1.0.0.7\"", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "\"Picasso-FP5 1.0.1.1\"", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "\"RenoirPI-FP6 1.0.0.D\"", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "\"Cezanne-FP6 1.0.1.0\"", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "\"MendocinoPI-FT6 1.0.0.6\"", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "\"Rembrandt-FP7 1.0.0.A\"", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "\"Rembrandt-FP7 1.0.0.A\"", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "\"PhoenixPI-FP8-FP7 1.1.0.2\"", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7000 Series Mobile Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "\"DragonRangeFL1PI 1.0.0.3C\"", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 7003", vendor: "AMD", versions: [ { status: "unaffected", version: "\"EmbMilanPI-SP3 1.0.0.8\"", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 9004", vendor: "AMD", versions: [ { status: "unaffected", version: "EmbGenoaPI-SP5 1.0.0.6", }, ], }, { defaultStatus: "unaffected", product: "AMD Ryzen™ Embedded R1000", vendor: "AMD", versions: [ { status: "unaffected", version: "\"EmbeddedPI-FP5 1.2.0.C\"", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded R2000", vendor: "AMD", versions: [ { status: "affected", version: "\"EmbeddedR2KPI-FP5 1.0.0.3\"", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded 5000", vendor: "AMD", versions: [ { status: "unaffected", version: "\"EmbAM4PI 1.0.0.5\"", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded 7000", vendor: "AMD", versions: [ { status: "unaffected", version: "EmbeddedAM5PI 1.0.0.1", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded V2000", vendor: "AMD", versions: [ { status: "unaffected", version: "\"EmbeddedPI-FP6 1.0.0.9\"", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded V3000", vendor: "AMD", versions: [ { status: "unaffected", version: "\"Embedded-PI FP7r2 1.0.0.9\"", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.<br>", }, ], value: "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-11T22:35:04.110Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html", }, { url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html", }, { url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2023-31343", datePublished: "2025-02-11T22:35:04.110Z", dateReserved: "2023-04-27T15:25:41.426Z", dateUpdated: "2025-02-12T15:35:05.712Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }