All the vulnerabilites related to AMD - AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4
cve-2021-46755
Vulnerability from cvelistv5
Published
2023-05-09 19:00
Modified
2024-08-04 05:17
Severity ?
EPSS score ?
Summary
Failure to unmap certain SysHub mappings in
error paths of the ASP (AMD Secure Processor) bootloader may allow an attacker
with a malicious bootloader to exhaust the SysHub resources resulting in a
potential denial of service.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 | vendor-advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:17:42.829Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics \u201cCezanne\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cChagall\u201d WS", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Mobile processors with Radeon\u2122 Graphics \u201cCezanne\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] } ], "datePublic": "2023-05-09T16:30:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Failure to unmap certain SysHub mappings in\nerror paths of the ASP (AMD Secure Processor) bootloader may allow an attacker\nwith a malicious bootloader to exhaust the SysHub resources resulting in a\npotential denial of service.\n\n\n\n\u003cbr\u003e" } ], "value": "Failure to unmap certain SysHub mappings in\nerror paths of the ASP (AMD Secure Processor) bootloader may allow an attacker\nwith a malicious bootloader to exhaust the SysHub resources resulting in a\npotential denial of service.\n\n\n\n\n" } ], "providerMetadata": { "dateUpdated": "2023-05-09T19:00:26.747Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001" } ], "source": { "advisory": "AMD-SB-4001", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-46755", "datePublished": "2023-05-09T19:00:26.747Z", "dateReserved": "2022-03-31T16:50:27.868Z", "dateUpdated": "2024-08-04T05:17:42.829Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-46749
Vulnerability from cvelistv5
Published
2023-05-09 18:59
Modified
2024-08-04 05:17
Severity ?
EPSS score ?
Summary
Insufficient bounds checking in ASP (AMD Secure
Processor) may allow for an out of bounds read in SMI (System Management
Interface) mailbox checksum calculation triggering a data abort, resulting in a
potential denial of service.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 | vendor-advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:17:42.293Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 2000 Series Desktop Processors \u201cPinnacle Ridge\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics \u201cCezanne\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cChagall\u201d WS", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d ULP", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cPollock\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 2000 Series Mobile Processors \u201cRaven Ridge\u201d FP5", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Mobile processor, 2nd Gen AMD Ryzen\u2122 Mobile Processors with Radeon\u2122 Graphics \u201cPicasso\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Mobile processors with Radeon\u2122 Graphics \u201cCezanne\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] } ], "datePublic": "2023-05-09T16:30:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Insufficient bounds checking in ASP (AMD Secure\nProcessor) may allow for an out of bounds read in SMI (System Management\nInterface) mailbox checksum calculation triggering a data abort, resulting in a\npotential denial of service.\n\n\n\n\u003cbr\u003e" } ], "value": "Insufficient bounds checking in ASP (AMD Secure\nProcessor) may allow for an out of bounds read in SMI (System Management\nInterface) mailbox checksum calculation triggering a data abort, resulting in a\npotential denial of service.\n\n\n\n\n" } ], "providerMetadata": { "dateUpdated": "2023-05-09T18:59:53.819Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001" } ], "source": { "advisory": "AMD-SB-4001", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-46749", "datePublished": "2023-05-09T18:59:39.837Z", "dateReserved": "2022-03-31T16:50:27.865Z", "dateUpdated": "2024-08-04T05:17:42.293Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-46773
Vulnerability from cvelistv5
Published
2023-05-09 19:01
Modified
2024-08-04 05:17
Severity ?
EPSS score ?
Summary
Insufficient input validation in ABL may enable
a privileged attacker to corrupt ASP memory, potentially resulting in a loss of
integrity or code execution.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 | vendor-advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:17:42.744Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 2000 series Desktop Processors \u201cRaven Ridge\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 2000 Series Desktop Processors \u201cPinnacle Ridge\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics \u201cCezanne\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "Various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cChagall\u201d WS", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 2000 Series Mobile Processors \u201cRaven Ridge\u201d FP5", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Mobile processors with Radeon\u2122 Graphics \u201cCezanne\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] } ], "datePublic": "2023-05-09T16:30:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Insufficient input validation in ABL may enable\na privileged attacker to corrupt ASP memory, potentially resulting in a loss of\nintegrity or code execution.\n\n\n\n\u003cbr\u003e" } ], "value": "Insufficient input validation in ABL may enable\na privileged attacker to corrupt ASP memory, potentially resulting in a loss of\nintegrity or code execution.\n\n\n\n\n" } ], "providerMetadata": { "dateUpdated": "2023-05-09T19:01:27.589Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001" } ], "source": { "advisory": "AMD-SB-4001", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-46773", "datePublished": "2023-05-09T19:01:27.589Z", "dateReserved": "2022-03-31T16:50:27.873Z", "dateUpdated": "2024-08-04T05:17:42.744Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26354
Vulnerability from cvelistv5
Published
2023-05-09 18:58
Modified
2024-08-03 20:26
Severity ?
EPSS score ?
Summary
Insufficient bounds checking in ASP may allow an
attacker to issue a system call from a compromised ABL which may cause
arbitrary memory values to be initialized to zero, potentially leading to a
loss of integrity.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 | vendor-advisory | |
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001 | vendor-advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:25.140Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 2000 series Desktop Processors \u201cRaven Ridge\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 2000 Series Desktop Processors \u201cPinnacle Ridge\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics \u201cCezanne\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "Various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cColfax\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cChagall\u201d WS", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d ULP", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cPollock\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 2000 Series Mobile Processors \u201cRaven Ridge\u201d FP5", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Mobile processor, 2nd Gen AMD Ryzen\u2122 Mobile Processors with Radeon\u2122 Graphics \u201cPicasso\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Mobile processors with Radeon\u2122 Graphics \u201cCezanne\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "2nd Gen AMD EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "3rd Gen AMD EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] } ], "datePublic": "2023-05-09T16:30:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Insufficient bounds checking in ASP may allow an\nattacker to issue a system call from a compromised ABL which may cause\narbitrary memory values to be initialized to zero, potentially leading to a\nloss of integrity.\n\n\n\n\u003cbr\u003e" } ], "value": "Insufficient bounds checking in ASP may allow an\nattacker to issue a system call from a compromised ABL which may cause\narbitrary memory values to be initialized to zero, potentially leading to a\nloss of integrity.\n\n\n\n\n" } ], "providerMetadata": { "dateUpdated": "2023-05-09T18:58:37.664Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001" }, { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001" } ], "source": { "advisory": "AMD-SB-4001, AMD-SB-3001", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26354", "datePublished": "2023-05-09T18:58:37.664Z", "dateReserved": "2021-01-29T21:24:26.148Z", "dateUpdated": "2024-08-03T20:26:25.140Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26356
Vulnerability from cvelistv5
Published
2023-05-09 18:58
Modified
2024-08-03 20:26
Severity ?
EPSS score ?
Summary
A TOCTOU in ASP bootloader may allow an attacker
to tamper with the SPI ROM following data read to memory potentially resulting
in S3 data corruption and information disclosure.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 | vendor-advisory | |
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001 | vendor-advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:24.804Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cChagall\u201d WS", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "1st Gen AMD EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "2nd Gen AMD EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "3rd Gen AMD EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] } ], "datePublic": "2023-05-09T16:30:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A TOCTOU in ASP bootloader may allow an attacker\nto tamper with the SPI ROM following data read to memory potentially resulting\nin S3 data corruption and information disclosure.\n\n\n\n\n\n\n\n\u003cbr\u003e" } ], "value": "A TOCTOU in ASP bootloader may allow an attacker\nto tamper with the SPI ROM following data read to memory potentially resulting\nin S3 data corruption and information disclosure.\n\n\n\n\n\n\n\n\n" } ], "providerMetadata": { "dateUpdated": "2023-05-09T18:58:48.108Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001" }, { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001" } ], "source": { "advisory": "AMD-SB-4001, AMD-SB-3001", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26356", "datePublished": "2023-05-09T18:58:48.108Z", "dateReserved": "2021-01-29T21:24:26.149Z", "dateUpdated": "2024-08-03T20:26:24.804Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-46756
Vulnerability from cvelistv5
Published
2023-05-09 19:00
Modified
2024-08-04 05:17
Severity ?
EPSS score ?
Summary
Insufficient validation of inputs in
SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an
attacker with a malicious Uapp or ABL to send malformed or invalid syscall to
the bootloader resulting in a potential denial of service and loss of
integrity.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 | vendor-advisory | |
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001 | vendor-advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:17:42.446Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 2000 series Desktop Processors \u201cRaven Ridge\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 2000 Series Desktop Processors \u201cPinnacle Ridge\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics \u201cCezanne\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "Various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cColfax\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d ULP", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cPollock\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 2000 Series Mobile Processors \u201cRaven Ridge\u201d FP5", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Mobile processor, 2nd Gen AMD Ryzen\u2122 Mobile Processors with Radeon\u2122 Graphics \u201cPicasso\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Mobile processors with Radeon\u2122 Graphics \u201cCezanne\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "1st Gen AMD EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "2nd Gen AMD EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "3rd Gen AMD EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] } ], "datePublic": "2023-05-09T16:30:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Insufficient validation of inputs in\nSVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an\nattacker with a malicious Uapp or ABL to send malformed or invalid syscall to\nthe bootloader resulting in a potential denial of service and loss of\nintegrity.\n\n\n\n\n\n\n\n\u003cbr\u003e" } ], "value": "Insufficient validation of inputs in\nSVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an\nattacker with a malicious Uapp or ABL to send malformed or invalid syscall to\nthe bootloader resulting in a potential denial of service and loss of\nintegrity.\n\n\n\n\n\n\n\n\n" } ], "providerMetadata": { "dateUpdated": "2023-05-09T19:00:35.599Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001" }, { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001" } ], "source": { "advisory": "AMD-SB-4001, AMD-SB-3001", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-46756", "datePublished": "2023-05-09T19:00:35.599Z", "dateReserved": "2022-03-31T16:50:27.868Z", "dateUpdated": "2024-08-04T05:17:42.446Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26406
Vulnerability from cvelistv5
Published
2023-05-09 18:59
Modified
2024-08-03 20:26
Severity ?
EPSS score ?
Summary
Insufficient validation in parsing Owner's
Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization)
and SEV-ES user application can lead to a host crash potentially resulting in
denial of service.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 | vendor-advisory | |
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001 | vendor-advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:25.475Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 2000 series Desktop Processors \u201cRaven Ridge\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 2000 Series Desktop Processors \u201cPinnacle Ridge\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cColfax\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d ULP", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cPollock\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 2000 Series Mobile Processors \u201cRaven Ridge\u201d FP5", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Mobile processor, 2nd Gen AMD Ryzen\u2122 Mobile Processors with Radeon\u2122 Graphics \u201cPicasso\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "1st Gen AMD EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "2nd Gen AMD EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] } ], "datePublic": "2023-05-09T16:30:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Insufficient validation in parsing Owner\u0027s\nCertificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization)\nand SEV-ES user application can lead to a host crash potentially resulting in\ndenial of service.\n\n\n\n\u003cbr\u003e" } ], "value": "Insufficient validation in parsing Owner\u0027s\nCertificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization)\nand SEV-ES user application can lead to a host crash potentially resulting in\ndenial of service.\n\n\n\n\n" } ], "providerMetadata": { "dateUpdated": "2023-05-09T18:59:29.119Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001" }, { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001" } ], "source": { "advisory": "AMD-SB-4001, AMD-SB-3001", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26406", "datePublished": "2023-05-09T18:59:29.119Z", "dateReserved": "2021-01-29T21:24:26.170Z", "dateUpdated": "2024-08-03T20:26:25.475Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-46794
Vulnerability from cvelistv5
Published
2023-05-09 19:01
Modified
2024-08-04 05:17
Severity ?
EPSS score ?
Summary
Insufficient bounds checking in ASP (AMD Secure
Processor) may allow for an out of bounds read in SMI (System Management
Interface) mailbox checksum calculation triggering a data abort, resulting in a
potential denial of service.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 | vendor-advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:17:42.935Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 2000 series Desktop Processors \u201cRaven Ridge\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics \u201cCezanne\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "Various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cChagall\u201d WS", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d ULP", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cPollock\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 2000 Series Mobile Processors \u201cRaven Ridge\u201d FP5", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Mobile processor, 2nd Gen AMD Ryzen\u2122 Mobile Processors with Radeon\u2122 Graphics \u201cPicasso\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Mobile processors with Radeon\u2122 Graphics \u201cCezanne\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] } ], "datePublic": "2023-05-09T16:30:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Insufficient bounds checking in ASP (AMD Secure\nProcessor) may allow for an out of bounds read in SMI (System Management\nInterface) mailbox checksum calculation triggering a data abort, resulting in a\npotential denial of service.\n\n\n\n\u003cbr\u003e" } ], "value": "Insufficient bounds checking in ASP (AMD Secure\nProcessor) may allow for an out of bounds read in SMI (System Management\nInterface) mailbox checksum calculation triggering a data abort, resulting in a\npotential denial of service.\n\n\n\n\n" } ], "providerMetadata": { "dateUpdated": "2023-05-09T19:01:47.728Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001" } ], "source": { "advisory": "AMD-SB-4001", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-46794", "datePublished": "2023-05-09T19:01:47.728Z", "dateReserved": "2022-05-04T18:14:06.437Z", "dateUpdated": "2024-08-04T05:17:42.935Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26371
Vulnerability from cvelistv5
Published
2023-05-09 18:59
Modified
2024-08-03 20:26
Severity ?
EPSS score ?
Summary
A compromised or malicious ABL or UApp could
send a SHA256 system call to the bootloader, which may result in exposure of
ASP memory to userspace, potentially leading to information disclosure.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 | vendor-advisory | |
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001 | vendor-advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:25.196Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 2000 series Desktop Processors \u201cRaven Ridge\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cChagall\u201d WS", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d ULP", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cPollock\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 2000 Series Mobile Processors \u201cRaven Ridge\u201d FP5", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Mobile processor, 2nd Gen AMD Ryzen\u2122 Mobile Processors with Radeon\u2122 Graphics \u201cPicasso\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "1st Gen AMD EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "2nd Gen AMD EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "3rd Gen AMD EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] } ], "datePublic": "2023-05-09T16:30:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A compromised or malicious ABL or UApp could\nsend a SHA256 system call to the bootloader, which may result in exposure of\nASP memory to userspace, potentially leading to information disclosure.\n\n\n\n\n\n\n\n\u003cbr\u003e" } ], "value": "A compromised or malicious ABL or UApp could\nsend a SHA256 system call to the bootloader, which may result in exposure of\nASP memory to userspace, potentially leading to information disclosure.\n\n\n\n\n\n\n\n\n" } ], "providerMetadata": { "dateUpdated": "2023-05-09T18:59:16.122Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001" }, { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001" } ], "source": { "advisory": "AMD-SB-4001, AMD-SB-3001", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26371", "datePublished": "2023-05-09T18:59:16.122Z", "dateReserved": "2021-01-29T21:24:26.152Z", "dateUpdated": "2024-08-03T20:26:25.196Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }