Vulnerabilites related to AMD - AMD EPYC™ Embedded 9003
cve-2023-20578
Vulnerability from cvelistv5
Published
2024-08-13 16:52
Modified
2025-03-18 20:03
Severity ?
EPSS score ?
Summary
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow
an attacker with ring0 privileges and access to the
BIOS menu or UEFI shell to modify the communications buffer potentially
resulting in arbitrary code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html | vendor-advisory |
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:h:amd:epyc_7001:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "epyc_7001", vendor: "amd", versions: [ { status: "unaffected", version: "1.0.0.k", }, ], }, { cpes: [ "cpe:2.3:h:amd:epyc_7002:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "epyc_7002", vendor: "amd", versions: [ { status: "unaffected", version: "1.0.0.g", }, ], }, { cpes: [ "cpe:2.3:a:amd:epyc_9004:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "epyc_9004", vendor: "amd", versions: [ { status: "unaffected", version: "1.0.0.2", }, ], }, { cpes: [ "cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "epyc_embedded_3000", vendor: "amd", versions: [ { status: "unaffected", version: "1.1.0.a", }, ], }, { cpes: [ "cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "epyc_embedded_7002", vendor: "amd", versions: [ { status: "unaffected", version: "1.0.0.a", }, ], }, { cpes: [ "cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "epyc_embedded_7003", vendor: "amd", versions: [ { status: "unaffected", version: "1.0.0.7", }, ], }, { cpes: [ "cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "epyc_embedded_9003", vendor: "amd", versions: [ { status: "unaffected", version: "1.0.0.0", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_embedded_7000", vendor: "amd", versions: [ { status: "unaffected", version: "1.0.0.0", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_embedded_v3000", vendor: "amd", versions: [ { status: "unaffected", version: "1.0.0.8", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-20578", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-15T15:56:35.845479Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-367", description: "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-18T20:03:43.905Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", packageName: "PI", product: "AMD EPYC™ 7001 Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "NaplesPI 1.0.0.K", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ 7002 Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "RomePI 1.0.0.G", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ 7003 Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "MilanPI 1.0.0.B", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ 9004 Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "GenoaPI 1.0.0.2", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7000 Series Desktop Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "ComboAM5 1.0.0.1", }, ], }, { defaultStatus: "unaffected", product: "AMD Ryzen™ Threadripper™ PRO 5000WX Processors", vendor: "AMD", versions: [ { status: "unaffected", version: "ChagallWSPI-sWRX8 1.0.0.7", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "MendocinoPI-FT6 1.0.0.0", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "RembrandtPI-FP7 1.0.0.9b", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { status: "unaffected", version: "RembrandtPI-FP7 1.0.0.9b", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 3000", vendor: "AMD", versions: [ { status: "unaffected", version: "SnowyOwl PI 1.1.0.A", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 7002", vendor: "AMD", versions: [ { status: "unaffected", version: "EmbRomePI-SP3 1.0.0.A", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 7003", vendor: "AMD", versions: [ { status: "unaffected", version: "EmbMilanPI-SP3 1.0.0.7", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 9003", vendor: "AMD", versions: [ { status: "unaffected", version: "EmbGenoaPI-SP5 1.0.0.0", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded 7000", vendor: "AMD", versions: [ { status: "unaffected", version: "EmbeddedAM5PI 1.0.0.0", }, ], }, { defaultStatus: "affected", product: "AMD RyzenTM Embedded V3000", vendor: "AMD", versions: [ { status: "unaffected", version: "EmbeddedPI-FP7r2 1.0.0.8", }, ], }, ], datePublic: "2024-08-13T16:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\"> A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow\nan attacker with ring0 privileges and access to the\nBIOS menu or UEFI shell to modify the communications <a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\">buffer </a>potentially\nresulting in arbitrary code execution.<div><div><div>\n\n</div>\n\n</div>\n\n</div>\n\n\n\n\n\n</span>", }, ], value: "A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow\nan attacker with ring0 privileges and access to the\nBIOS menu or UEFI shell to modify the communications buffer potentially\nresulting in arbitrary code execution.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-13T16:52:58.457Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html", }, ], source: { advisory: "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2023-20578", datePublished: "2024-08-13T16:52:58.457Z", dateReserved: "2022-10-27T18:53:39.757Z", dateUpdated: "2025-03-18T20:03:43.905Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21980
Vulnerability from cvelistv5
Published
2024-08-05 16:06
Modified
2024-08-05 21:00
Severity ?
EPSS score ?
Summary
Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.
References
| ▼ | URL | Tags |
|---|---|---|
| https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | 3rd Gen AMD EPYC™ Processors |
Version: various |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "epyc_7003_firmware", vendor: "amd", versions: [ { lessThan: "milanpi_1.0.0.9_sp3", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "epyc_9003_firmware", vendor: "amd", versions: [ { lessThan: "genoapi_1.0.0.7_sp5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "epyc_7773x_firmware", vendor: "amd", versions: [ { lessThan: "milanpi_1.0.0.d", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "epyc_9754s_firmware", vendor: "amd", versions: [ { lessThan: "genoapi_1.0.0.c", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-21980", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-05T20:52:33.557459Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-05T21:00:57.665Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "3rd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { lessThan: "MilanPI 1.0.0.D", status: "affected", version: "various", versionType: "Platform Initialization", }, ], }, { defaultStatus: "affected", product: "4th Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { lessThan: "GenoaPI 1.0.0.C", status: "affected", version: "various", versionType: "Platform Initialization", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 7003", vendor: "AMD", versions: [ { lessThan: "EmbMilanPI-SP3 1.0.0.9", status: "affected", version: "various", versionType: "Platform Initialization", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 9003", vendor: "AMD", versions: [ { lessThan: "EmbGenoaPI-SP5 1.0.0.7", status: "affected", version: "various", versionType: "Platform Initialization", }, ], }, ], datePublic: "2024-08-05T16:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.</span>\n\n</span>", }, ], value: "Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 7.9, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-05T16:06:36.216Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html", }, ], source: { advisory: "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2024-21980", datePublished: "2024-08-05T16:06:36.216Z", dateReserved: "2024-01-03T16:43:30.197Z", dateUpdated: "2024-08-05T21:00:57.665Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-46766
Vulnerability from cvelistv5
Published
2023-11-14 18:51
Modified
2024-08-04 05:17
Severity ?
EPSS score ?
Summary
Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 | vendor-advisory | |
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 | vendor-advisory | |
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS |
Version: various |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T05:17:42.287Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "4th Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 9003", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, ], datePublic: "2023-11-14T17:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.<br>", }, ], value: "Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.5, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-18T18:40:54.027Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", }, { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], source: { advisory: "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2021-46766", datePublished: "2023-11-14T18:51:58.036Z", dateReserved: "2022-03-31T16:50:27.871Z", dateUpdated: "2024-08-04T05:17:42.287Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21978
Vulnerability from cvelistv5
Published
2024-08-05 16:05
Modified
2024-08-05 17:36
Severity ?
EPSS score ?
Summary
Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.
References
| ▼ | URL | Tags |
|---|---|---|
| https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | 3rd Gen AMD EPYC™ Processors |
Version: various |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "epyc_7003_firmware", vendor: "amd", versions: [ { lessThan: "milanpi_1.0.0.9_sp3", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "epyc_9003_firmware", vendor: "amd", versions: [ { lessThan: "genoapi_1.0.0.7_sp5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "epyc_7773x_firmware", vendor: "amd", versions: [ { lessThan: "milanpi_1.0.0.d", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "epyc_9754s_firmware", vendor: "amd", versions: [ { lessThan: "genoapi_1.0.0.c", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-21978", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-05T17:01:18.171419Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-05T17:36:02.731Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "3rd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { lessThan: "MilanPI 1.0.0.D", status: "affected", version: "various", versionType: "Platform Initialization", }, ], }, { defaultStatus: "affected", product: "4th Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { lessThan: "GenoaPI 1.0.0.C", status: "affected", version: "various", versionType: "Platform Initialization", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 7003", vendor: "AMD", versions: [ { lessThan: "EmbMilanPI-SP3 1.0.0.9", status: "affected", version: "various", versionType: "Platform Initialization", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 9003", vendor: "AMD", versions: [ { lessThan: "EmbGenoaPI-SP5 1.0.0.7", status: "affected", version: "various", versionType: "Platform Initialization", }, ], }, ], datePublic: "2024-08-05T16:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.</span>\n\n</span>\n\n</span>", }, ], value: "Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-05T16:05:34.019Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html", }, ], source: { advisory: "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2024-21978", datePublished: "2024-08-05T16:05:34.019Z", dateReserved: "2024-01-03T16:43:30.197Z", dateUpdated: "2024-08-05T17:36:02.731Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-31315
Vulnerability from cvelistv5
Published
2024-08-09 17:08
Modified
2024-09-12 12:56
Severity ?
EPSS score ?
Summary
Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | 3rd Gen AMD EPYC™ Processors |
Version: various |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-09-12T12:56:32.250Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://www.darkreading.com/remote-workforce/amd-issues-updates-for-silicon-level-sinkclose-flaw", }, { url: "https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Enrique%20Nissim%20Krzysztof%20Okupski%20-%20AMD%20Sinkclose%20Universal%20Ring-2%20Privilege%20Escalation.pdf", }, { url: "https://news.ycombinator.com/item?id=41475975", }, ], title: "CVE Program Container", x_generator: { engine: "ADPogram 0.0.1", }, }, { affected: [ { cpes: [ "cpe:2.3:h:amd:1st_gen_amd_epyc_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "1st_gen_amd_epyc_processors", vendor: "amd", versions: [ { lessThan: "naples.pi.1.0.0.m", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:amd:3rd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "3rd_gen_amd_epyc_processors", vendor: "amd", versions: [ { lessThan: "milan.pi.1.0.0.d", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:amd:2nd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "2nd_gen_amd_epyc_processors", vendor: "amd", versions: [ { lessThan: "rome.pi.1.0.0.j", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_3000_series_desktop_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_3000_series_desktop_processors", vendor: "amd", versions: [ { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:h:amd:4th_gen_amd_epyc_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "4th_gen_amd_epyc_processors", vendor: "amd", versions: [ { lessThan: "genoa_pi_1.0.0.c", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "epyc_embedded_3000", vendor: "amd", versions: [ { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "epyc_embedded_7002", vendor: "amd", versions: [ { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "epyc_embedded_7003", vendor: "amd", versions: [ { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "epyc_embedded_9003", vendor: "amd", versions: [ { lessThan: "emgenoa.pi.1.0.0.7", status: "unaffected", version: "0", versionType: "custom", }, { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_embedded_r1000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_embedded_r1000", vendor: "amd", versions: [ { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_embedded_r2000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_embedded_r2000", vendor: "amd", versions: [ { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_embedded_7000", vendor: "amd", versions: [ { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_embedded_5000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_embedded_5000", vendor: "amd", versions: [ { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_embedded_v1000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_embedded_v1000", vendor: "amd", versions: [ { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_embedded_v3000", vendor: "amd", versions: [ { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_embedded_v2000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_embedded_v2000", vendor: "amd", versions: [ { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_7040_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_7040_series_mobile_processors_with_radeon_graphics", vendor: "amd", versions: [ { lessThan: "phoenixpi-fp8-fp7.1.1.0.3", status: "unaffected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_5000_series_desktop_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_5000_series_desktop_processors", vendor: "amd", versions: [ { lessThan: "comboam4v2pi.1.2.0.cb", status: "unaffected", version: "0", versionType: "custom", }, { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_5000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_5000_series_desktop_processors_with_radeon_graphics", vendor: "amd", versions: [ { lessThan: "comboam4v2pi.1.2.0.cb", status: "unaffected", version: "0", versionType: "custom", }, { status: "affected", version: "various", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_7000_desktop_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_7000_desktop_processors", vendor: "amd", versions: [ { lessThan: "comboam5pi.1.2.0.1", status: "affected", version: "0", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_4000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_4000_series_desktop_processors_with_radeon_graphics", vendor: "amd", versions: [ { lessThan: "comboam4v2pi.1.2.0.cb", status: "affected", version: "0", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_threadripper_3000_series_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_threadripper_3000_series_processors", vendor: "amd", versions: [ { lessThan: "castlepeakpl-sp3r3.1.0.0.b", status: "affected", version: "0", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_threadripper_pro_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_threadripper_pro_processors", vendor: "amd", versions: [ { lessThan: "chagallwspi-swrx8.1.0.0.8", status: "affected", version: "various", versionType: "python", }, { lessThan: "castlepeakwspi-swrx8.1.0.0.8", status: "affected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_threadripper_pro_3000wx_series_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_threadripper_pro_3000wx_series_processors", vendor: "amd", versions: [ { lessThan: "chagallwspi-swrx8.1.0.0.8", status: "affected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:athlon_3000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "athlon_3000_series_mobile_processors_with_radeon_graphics", vendor: "amd", versions: [ { lessThan: "picasso-fp5.1.0.1.2", status: "affected", version: "various", versionType: "python", }, { lessThan: "pollockpi-ft5.1.0.0.8", status: "affected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_3000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_3000_series_desktop_processors_with_radeon_graphics", vendor: "amd", versions: [ { lessThan: "picasso-fp5.1.0.1.2", status: "affected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_4000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_4000_series_mobile_processors_with_radeon_graphics", vendor: "amd", versions: [ { lessThan: "renoirpi-fp6.1.0.0.e", status: "unaffected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_5000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_5000_series_mobile_processors_with_radeon_graphics", vendor: "amd", versions: [ { lessThan: "cezannepi-fp6.1.0.1.1", status: "unaffected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_7030_series-mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_7030_series-mobile_processors_with_radeon_graphics", vendor: "amd", versions: [ { lessThan: "cezannepi-fp6", status: "affected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_7045_series_mobile_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_7045_series_mobile_processors", vendor: "amd", versions: [ { lessThan: "dragonrangefl1.1.0.0.3e", status: "unaffected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_6000_processors_with_radeongraphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_6000_processors_with_radeongraphics", vendor: "amd", versions: [ { lessThan: "remembrandtpi-fp7.1.0.0.b", status: "unaffected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_7020_processors_with_radeongraphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_7020_processors_with_radeongraphics", vendor: "amd", versions: [ { lessThan: "mendocinopi-ft6.1.0.0.7", status: "affected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_7035_processors_with_radeongraphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_7035_processors_with_radeongraphics", vendor: "amd", versions: [ { lessThan: "remembrandtpi-fp7.1.0.0.b", status: "unaffected", version: "various", versionType: "python", }, ], }, { cpes: [ "cpe:2.3:a:amd:ryzen_8000_series_processors_with_radeongraphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_8000_series_processors_with_radeongraphics", vendor: "amd", versions: [ { lessThan: "comboam5pi.1.2.0.1", status: "unaffected", version: "various", versionType: "python", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2023-31315", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-09T17:29:59.373286Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code ('Code Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-27T14:54:02.319Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "PI", product: "3rd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { lessThan: "Milan PI 1.0.0.D", status: "affected", version: "various", versionType: "Platform Initialization", }, ], }, { defaultStatus: "affected", product: "1st Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { lessThan: "Naples PI 1.0.0.M", status: "affected", version: "various", versionType: "Platform Initialization", }, ], }, { defaultStatus: "affected", product: "2nd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { lessThan: "Rome PI 1.0.0.J", status: "affected", version: "various", versionType: "Platform Initialization", }, ], }, { defaultStatus: "affected", product: "4th Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { lessThan: "Genoa PI 1.0.0.C", status: "unaffected", version: "various", versionType: "Platform Initialization", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 3000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 7002", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 7003", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 9003", vendor: "AMD", versions: [ { lessThan: "EmbGenoaPI 1.0.0.7", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded R1000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded R2000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded 5000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded 7000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded V1000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded V2000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Embedded V3000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 3000 Series Desktop Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Desktop Processors", vendor: "AMD", versions: [ { lessThan: "ComboAM4v2PI 1.2.0.cb", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "ComboAM4v2PI 1.2.0.cb", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7000 Series Desktop Processors", vendor: "AMD", versions: [ { lessThan: "ComboAM5PI 1.2.0.1", status: "affected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "ComboAM4v2PI 1.2.0.cb", status: "affected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Threadripper™ 3000 Series Processors", vendor: "AMD", versions: [ { lessThan: "CastlePeakPI-SP3r3 1.0.0.B", status: "affected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Threadripper™ PRO Processors", vendor: "AMD", versions: [ { lessThan: "ChagallWSPI-sWRX8 1.0.0.8", status: "affected", version: "various", versionType: "PI", }, { lessThan: "CastlePeakWSPI-sWRX8 1.0.0.D", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors", vendor: "AMD", versions: [ { lessThan: "ChagallWSPI-sWRX8 1.0.0.8", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "Picasso-FP5 1.0.1.2", status: "unaffected", version: "various", versionType: "PI", }, { lessThan: "PollockPI-FT5 1.0.0.8", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "Picasso-FP5 1.0.1.2", status: "affected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "RenoirPI-FP6 1.0.0.E", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "CezannePI-FP6 1.0.1.1", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "CezannePI-FP6", status: "affected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "PhoenixPI-FP8-FP7 1.1.0.3", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7045 Series Mobile Processors", vendor: "AMD", versions: [ { lessThan: "DragonRangeFL1 1.0.0.3e", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "RembrandtPI-FP7 1.0.0.B", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "MendocinoPI-FT6 1.0.0.7", status: "affected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "RembrandtPI-FP7 1.0.0.B", status: "unaffected", version: "various", versionType: "PI", }, ], }, { defaultStatus: "affected", product: "AMD Ryzen™ 8000 Series Processors with Radeon™ Graphics", vendor: "AMD", versions: [ { lessThan: "ComboAM5PI 1.2.0.1", status: "unaffected", version: "various", versionType: "PI", }, ], }, ], datePublic: "2024-08-09T12:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.</span>", }, ], value: "Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-13T15:37:24.501Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html", }, ], source: { advisory: "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2023-31315", datePublished: "2024-08-09T17:08:24.237Z", dateReserved: "2023-04-27T15:25:41.423Z", dateUpdated: "2024-09-12T12:56:32.250Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-31355
Vulnerability from cvelistv5
Published
2024-08-05 16:04
Modified
2024-08-06 14:58
Severity ?
EPSS score ?
Summary
Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest.
References
| ▼ | URL | Tags |
|---|---|---|
| https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | 3rd Gen AMD EPYC™ Processors |
Version: various |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-31355", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-06T14:07:12.426239Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-06T14:58:40.899Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "3rd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { lessThan: "MilanPI 1.0.0.D", status: "affected", version: "various", versionType: "Platform Initialization", }, ], }, { defaultStatus: "affected", product: "4th Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { lessThan: "GenoaPI 1.0.0.C", status: "affected", version: "various", versionType: "Platform Initialization", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 7003", vendor: "AMD", versions: [ { lessThan: "EmbMilanPI-SP3 1.0.0.9", status: "affected", version: "various", versionType: "Platform Initialization", }, ], }, { defaultStatus: "affected", product: "AMD EPYC™ Embedded 9003", vendor: "AMD", versions: [ { lessThan: "EmbGenoaPI-SP5 1.0.0.7", status: "affected", version: "various", versionType: "Platform Initialization", }, ], }, ], datePublic: "2024-08-05T16:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest.</span>\n\n</span>\n\n</span>\n\n</span>", }, ], value: "Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-05T16:04:24.813Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html", }, ], source: { advisory: "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2023-31355", datePublished: "2024-08-05T16:04:24.813Z", dateReserved: "2023-04-27T15:25:41.428Z", dateUpdated: "2024-08-06T14:58:40.899Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20566
Vulnerability from cvelistv5
Published
2023-11-14 18:54
Modified
2024-12-03 14:26
Severity ?
EPSS score ?
Summary
Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | 3rd Gen AMD EPYC™ Processors |
Version: various |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:05:36.943Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-20566", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2023-11-27T20:58:09.078592Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-03T14:26:45.381Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "3rd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "4th Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 7003", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 9003", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, ], datePublic: "2023-11-14T17:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.\n\n\n\n\n\n\n\n\n\n\n\n<br>", }, ], value: "Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-18T18:36:52.542Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", }, ], source: { advisory: "AMD-SB-3002", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2023-20566", datePublished: "2023-11-14T18:54:00.908Z", dateReserved: "2022-10-27T18:53:39.753Z", dateUpdated: "2024-12-03T14:26:45.381Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }