Vulnerability-Lookup - Search a vulnerability

CVE-2023-20579 (GCVE-0-2023-20579)

Vulnerability from cvelistv5

Published

2024-02-13 19:32

Modified

2025-03-14 17:21

Severity ?

4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Summary

Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability.

References

▼	URL	Tags
	https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009	vendor-advisory

Impacted products

Vendor

Product

Version

▼

AMD

AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics

Version: various

AMD	AMD Ryzen™ 7000 Series Desktop Processor	Version: Various
AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics	Version: various
AMD	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics	Version: various
AMD	AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics	Version: various
AMD	AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics	Version: various
AMD	AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics	Version: various
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics	Version: various
AMD	AMD Ryzen™ 7045 Series Mobile Processors	Version: various
AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics	Version: various
AMD	AMD Ryzen™ Embedded V2000	Version: various
AMD	AMD Ryzen™ Embedded V3000	Version: various
AMD	AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics	Version: various
AMD	AMD Ryzen™ 7035 Series Mobile Processors with Radeon™ Graphics	Version: various
AMD	AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics	Version: various

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "LOCAL",
                     availabilityImpact: "HIGH",
                     baseScore: 4.4,
                     baseSeverity: "MEDIUM",
                     confidentialityImpact: "NONE",
                     integrityImpact: "NONE",
                     privilegesRequired: "HIGH",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2023-20579",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-02-14T15:53:23.792810Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-284",
                        description: "CWE-284 Improper Access Control",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-03-14T17:21:09.724Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T09:05:36.910Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               packageName: "PI",
               platforms: [
                  "x86",
               ],
               product: "AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics  ",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various ",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               packageName: "PI",
               platforms: [
                  "x86",
               ],
               product: "AMD Ryzen™ 7000 Series Desktop Processor ",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "Various ",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               packageName: "PI",
               platforms: [
                  "x86",
               ],
               product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics ",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various ",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               packageName: "PI",
               platforms: [
                  "x86",
               ],
               product: "AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics ",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various ",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               packageName: "PI",
               platforms: [
                  "x86",
               ],
               product: "AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics ",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various ",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               packageName: "PI",
               platforms: [
                  "x86",
               ],
               product: "AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various ",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               packageName: "PI",
               platforms: [
                  "x86",
               ],
               product: "AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics ",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various ",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               packageName: "PI",
               platforms: [
                  "x86",
               ],
               product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics ",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various ",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               packageName: "PI",
               platforms: [
                  "x86",
               ],
               product: "AMD Ryzen™ 7045 Series Mobile Processors ",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various ",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               packageName: "PI",
               product: "AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics ",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               packageName: "PI",
               platforms: [
                  "x86",
               ],
               product: "AMD Ryzen™ Embedded V2000",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               packageName: "PI",
               platforms: [
                  "x86",
               ],
               product: "AMD Ryzen™ Embedded V3000",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               platforms: [
                  "x86",
               ],
               product: "AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics ",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               platforms: [
                  "x86",
               ],
               product: "AMD Ryzen™ 7035 Series Mobile Processors with Radeon™ Graphics ",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               platforms: [
                  "x86",
               ],
               product: "AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
         ],
         datePublic: "2024-02-13T17:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Improper\nAccess Control in the AMD SPI protection feature may allow a user with Ring0\n(kernel mode) privileged access to bypass protections potentially resulting in\nloss of integrity and availability.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n<br>",
                  },
               ],
               value: "Improper\nAccess Control in the AMD SPI protection feature may allow a user with Ring0\n(kernel mode) privileged access to bypass protections potentially resulting in\nloss of integrity and availability.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n",
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-02-13T19:32:11.904Z",
            orgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
            shortName: "AMD",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009",
            },
         ],
         source: {
            advisory: "AMD-SB-7009",
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
      assignerShortName: "AMD",
      cveId: "CVE-2023-20579",
      datePublished: "2024-02-13T19:32:11.904Z",
      dateReserved: "2022-10-27T18:53:39.757Z",
      dateUpdated: "2025-03-14T17:21:09.724Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2021-26344 (GCVE-0-2021-26344)

Vulnerability from cvelistv5

Published

2024-08-13 16:49

Modified

2025-03-18 15:35

Severity ?

7.2 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Summary

An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BIOS image, and the ability to sign the resulting image, to potentially modify the APCB block resulting in arbitrary code execution.

References

▼	URL	Tags
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html	vendor-advisory

Impacted products

Vendor

Product

Version

▼

AMD

AMD EPYC™ 7001 Series Processors

Version: various

AMD	AMD EPYC™ 7002 Series Processors
AMD	AMD EPYC™ 7003 Series Processors
AMD	AMD Ryzen™ 3000 Series Desktop Processors	Version: various
AMD	AMD Ryzen™ 5000 Series Desktop Processors
AMD	AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
AMD	AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics	Version: various
AMD	AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics	Version: various
AMD	AMD Ryzen™ Threadripper™ 3000 Series Processors	Version: various
AMD	AMD Ryzen™ Threadripper™ PRO 5000WX Processors
AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics	Version: various
AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics	Version: various
AMD	AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics	Version: various
AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics	Version: various
AMD	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics	Version: various
AMD	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics
AMD	AMD EPYC™ Embedded 7002 Series Processors
AMD	AMD EPYC™ Embedded 3000 Series Processors	Version: Various
AMD	AMD EPYC™ Embedded 7003 Series Processors
AMD	AMD Ryzen™ Embedded R1000 Series Processors	Version: v
AMD	AMD Ryzen™ Embedded R2000 Series Processors	Version: v
AMD	AMD Ryzen™ Embedded 5000 Series Processors	Version: v
AMD	AMD Ryzen™ Embedded V1000 Series Processors	Version: v
AMD	AMD Ryzen™ Embedded V2000 Series Processors	Version: v
AMD	AMD Ryzen™ Embedded V3000 Series Processors

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:h:amd:naplespi:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "naplespi",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "1.0.0.k",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:h:amd:romepi:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "romepi",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "1.0.0.C",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:h:amd:milanpi:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "milanpi",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "1.0.0.5",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-26344",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-08-13T18:29:11.333464Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-787",
                        description: "CWE-787 Out-of-bounds Write",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-03-18T15:35:45.232Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ 7001 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                     versionType: "PI",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ 7002 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RomePI 1.0.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ 7003 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "MilanPI 1.0.0.5",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4V2 1.2.0.A",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4V2 1.2.0.A",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ 3000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ PRO 5000WX Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ChagallWSPI-sWRX8  1.0.0.6",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CezannePI-FP6 1.0.0.E",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "MendocinoPI-FT6 1.0.0.3",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RembrandtPI-FP7 1.0.0.7",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RembrandtPI-FP7 1.0.0.7",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CezannePI-FP6 1.0.0.E",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CezannePI-FP6 1.0.0.E",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ Embedded 7002 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbRomePI-SP3  1.0.0.6",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ Embedded 3000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "Various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ Embedded 7003 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbMilanPI-SP3  1.0.0.2",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded R1000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "v",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded R2000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "v",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded 5000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "v",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V1000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "v",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V2000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "v",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V3000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI-FP7r2 1.0.0.4",
                  },
               ],
            },
         ],
         datePublic: "2024-08-13T16:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\">An out of bounds memory write when processing the AMD\nPSP1 Configuration Block (APCB) could allow an attacker with access the ability\nto modify the BIOS image, and the ability to sign the resulting image, to\npotentially modify the APCB block resulting in arbitrary code execution.\n\n\n\n<div><div><div>\n\n</div>\n\n</div>\n\n</div>\n\n\n\n\n\n</span>",
                  },
               ],
               value: "An out of bounds memory write when processing the AMD\nPSP1 Configuration Block (APCB) could allow an attacker with access the ability\nto modify the BIOS image, and the ability to sign the resulting image, to\npotentially modify the APCB block resulting in arbitrary code execution.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.2,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-08-13T16:49:52.889Z",
            orgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
            shortName: "AMD",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html",
            },
         ],
         source: {
            advisory: "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
      assignerShortName: "AMD",
      cveId: "CVE-2021-26344",
      datePublished: "2024-08-13T16:49:52.889Z",
      dateReserved: "2021-01-29T21:24:26.145Z",
      dateUpdated: "2025-03-18T15:35:45.232Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-31331 (GCVE-0-2023-31331)

Vulnerability from cvelistv5

Published

2025-02-11 21:44

Modified

2025-02-12 15:36

Severity ?

3.0 (Low) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L

Summary

Improper access control in the DRTM firmware could allow a privileged attacker to perform multiple driver initializations, resulting in stack memory corruption that could potentially lead to loss of integrity or availability.

References

▼	URL	Tags
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html

Impacted products

Vendor

Product

Version

▼

AMD

AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics

	AMD	AMD Ryzen™ 7000 Series Desktop Processors
	AMD	AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 7000 Series Mobile Processors
	AMD	AMD Ryzen™ Embedded 7000
	AMD	AMD Ryzen™ Embedded V2000
	AMD	AMD Ryzen™ Embedded V3000

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-31331",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-12T15:36:16.631696Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-12T15:36:21.957Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.CA",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM5 1.1.0.2",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.CA",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM5 1.1.0.2",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RenoirPI-FP6 1.0.0.D",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "Cezanne-FP6 1.0.1.0",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "Rembrandt-FP7 1.0.0.A",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "Rembrandt-FP7 1.0.0.A",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "PhoenixPI-FP8-FP7 1.1.0.2",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "PhoenixPI-FP8-FP7 1.1.0.2",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7000 Series Mobile Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "DragonRangeFL1PI 1.0.0.3C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded 7000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedAM5PI 1.0.0.1",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V2000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI-FP6 1.0.0.9",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V3000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "Embedded-PI FP7r2 1.0.0.9",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Improper access control in the DRTM firmware could allow a privileged attacker to perform multiple driver initializations, resulting in stack memory corruption that could potentially lead to loss of integrity or availability.",
                  },
               ],
               value: "Improper access control in the DRTM firmware could allow a privileged attacker to perform multiple driver initializations, resulting in stack memory corruption that could potentially lead to loss of integrity or availability.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "LOW",
                  baseScore: 3,
                  baseSeverity: "LOW",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-1284",
                     description: "CWE-1284 Improper Validation of Specified Quantity in Input",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-02-11T21:44:03.782Z",
            orgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
            shortName: "AMD",
         },
         references: [
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html",
            },
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
      assignerShortName: "AMD",
      cveId: "CVE-2023-31331",
      datePublished: "2025-02-11T21:44:03.782Z",
      dateReserved: "2023-04-27T15:25:41.424Z",
      dateUpdated: "2025-02-12T15:36:21.957Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2024-0179 (GCVE-0-2024-0179)

Vulnerability from cvelistv5

Published

2025-02-11 20:52

Modified

2025-02-11 21:02

Severity ?

8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Summary

SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM driver could allow locally authenticated attackers to overwrite SMRAM, potentially resulting in arbitrary code execution.

References

▼	URL	Tags
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7027.html

Impacted products

Vendor

Product

Version

▼

AMD

AMD Ryzen™ 3000 Series Desktop Processors

	AMD	AMD Ryzen™ 5000 Series Desktop Processors
	AMD	AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 7000 Series Desktop Processors
	AMD	AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ Threadripper™ 3000 Series Processors
	AMD	AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors
	AMD	AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors
	AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 7000 Series Mobile Processors
	AMD	AMD Ryzen™ Embedded V2000
	AMD	AMD Ryzen™ Embedded V3000
	AMD	AMD Ryzen™ Embedded 8000

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-0179",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-11T21:02:06.251311Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-11T21:02:46.740Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4PI  1.0.0.C",
                  },
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.D",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.D",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.D",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM5PI 1.2.0.2b",
                  },
                  {
                     status: "unaffected",
                     version: "ComboAM5PI 1.1.0.3b",
                  },
                  {
                     status: "unaffected",
                     version: "ComboAM5PI 1.0.0.a",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4PI  1.0.0.C",
                  },
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.D",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.D",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM5PI 1.2.0.2b",
                  },
                  {
                     status: "unaffected",
                     version: "ComboAM5PI 1.1.0.3b",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ 3000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CastlePeakPI-SP3r3  1.0.0.D",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CastlePeakWSPI-sWRX8 1.0.0.F",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "StormPeakPI-SP6  1.1.0.0h",
                  },
                  {
                     status: "unaffected",
                     version: "StormPeakPI-SP6  1.0.0.1j",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Mobile  Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "PicassoPI-FP5 1.0.1.2a",
                  },
                  {
                     status: "unaffected",
                     version: "PollockPI-FT5 1.0.0.8a",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "PicassoPI-FP5 1.0.1.2a",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "PicassoPI-FP5 1.0.1.2a",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "PicassoPI-FP5 1.0.1.2a",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RenoirPI-FP6 1.0.0.Ea",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CezannePI-FP6 1.0.1.1a",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "MendocinoPI-FT6 1.0.0.7a",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RembrandtPI-FP7  1.0.0.Ba",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RembrandtPI-FP7  1.0.0.Ba",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "PhoenixPI-FP8-FP7 1.1.8.0",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "PhoenixPI-FP8-FP7 1.1.8.0",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7000 Series Mobile Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "DragonRangeFL1PI 1.0.0.3f",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V2000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI-FP6 1.0.0.B",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V3000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI_FP7R2 1.0.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded 8000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPhoenixPI-FP7r2_1.2.0.0",
                  },
               ],
            },
         ],
         datePublic: "2025-02-10T17:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM driver could allow locally authenticated attackers to overwrite SMRAM, potentially resulting in arbitrary code execution.",
                  },
               ],
               value: "SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM driver could allow locally authenticated attackers to overwrite SMRAM, potentially resulting in arbitrary code execution.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 8.2,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20 Improper Input Validation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-02-11T20:52:24.110Z",
            orgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
            shortName: "AMD",
         },
         references: [
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7027.html",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
      assignerShortName: "AMD",
      cveId: "CVE-2024-0179",
      datePublished: "2025-02-11T20:52:24.110Z",
      dateReserved: "2023-12-27T16:06:35.776Z",
      dateUpdated: "2025-02-11T21:02:46.740Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-23817 (GCVE-0-2022-23817)

Vulnerability from cvelistv5

Published

2024-08-13 16:51

Modified

2024-08-16 20:27

Severity ?

7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space, potentially leading to privilege escalation.

References

▼	URL	Tags
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html

Impacted products

Vendor

Product

Version

▼

AMD

AMD Ryzen™ 3000 Series Desktop Processors

	AMD	AMD Ryzen™ 5000 Series Desktop Processors
	AMD	AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 7000 Series Desktop Processors
	AMD	AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ Threadripper™ 3000 Series Processors
	AMD	AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors
	AMD	AMD Ryzen™ Threadripper™ PRO 5000WX Processors
	AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 7045 Series Mobile Processors
	AMD	AMD Ryzen™ Embedded R1000 Series Processors
	AMD	AMD Ryzen™ Embedded R2000 Series Processors
	AMD	AMD Ryzen™ Embedded 5000 Series Processors
	AMD	AMD Ryzen™ Embedded 7000 Series Processors
	AMD	AMD Ryzen™ Embedded V1000 Series Processors
	AMD	AMD Ryzen™ Embedded V2000 Series Processors
	AMD	AMD Ryzen™ Embedded V3000 Series Processors

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:o:amd:ryzen_9_3900_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_9_3900x_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_9_3900xt_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_9_3950x_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_7_3700x_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_7_3800x_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_7_3800xt_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_3500_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_3500x_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_3600_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_3600x_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_3600xt_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_3_3100_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_3_3300x_firmware:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "affected",
                  product: "ryzen_3_3300x_firmware",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "comboam4v2_1.2.0.a",
                        status: "unaffected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:amd:ryzen_7_3700c_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_7_3700u_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_7_3750h_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_7_3780u_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_3450u_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_3500c_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_3500u_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_3550h_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_3580u_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_3_3350u_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_3_3300u_firmware:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "affected",
                  product: "ryzen_3_3300u_firmware",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "picassopi-fp5_1.0.0.e",
                        status: "unaffected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:amd:ryzen_7_4700g_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_7_4700ge_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_3400g_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_4600ge_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_4600g_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_3_3200ge_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_3_4300ge_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_3_4300g_firmware:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "affected",
                  product: "ryzen_3_pro_3200g_firmware",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "comboam4v2_pi_1.2.0.8",
                        status: "unaffected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:amd:ryzen_5_7500f_firmware:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "affected",
                  product: "ryzen_5_7500f_firmware",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "comboam5_1.0.8.0",
                        status: "unaffected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:amd:ryzen_threadripper_3960x_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_threadripper_3970x_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_threadripper_3990x_firmware:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "affected",
                  product: "ryzen_threadripper_pro_3995wx_firmware",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "castlepeakpi-sp3r3_1.0.0.8",
                        status: "unaffected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:amd:ryzen_threadripper_pro_3945wx_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_threadripper_pro_3955wx_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_threadripper_pro_3975wx_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_threadripper_pro_3995wx_firmware:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "affected",
                  product: "ryzen_threadripper_pro_3995wx_firmware",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "castlepeakwspi-swrx8_1.0.0.a",
                        status: "unaffected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:amd:ryzen_threadripper_pro_5945wx_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_threadripper_pro_5955wx_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_threadripper_pro_5965wx_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_threadripper_pro_5975wx_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_threadripper_pro_5995wx_firmware:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "affected",
                  product: "ryzen_threadripper_pro_5995wx_firmware",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "chagallwspi-swrx8_1.0.0.5",
                        status: "unaffected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:amd:ryzen_9_4900h_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_9_4900hs_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_7_4700u_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_7_4800h_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_7_4800hs_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_7_4800u_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_7_4980u_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_4500u_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_4600h_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_4600hs_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_4600u_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_4680u_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_3_4300u_firmware:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "affected",
                  product: "ryzen_3_4300u_firmware",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "renoirpi-fp6_1.0.0.a",
                        status: "unaffected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:amd:ryzen_9_6900hs_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_9_6900hx_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_9_6980hs_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_9_6980hx_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_7_6800h_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_7_6800hs_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_7_6800u_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_6600h_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_6600hs_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_6600u_firmware:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "affected",
                  product: "ryzen_5_6600u_firmware",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "rembrandtpi-fp7_1.0.0.5",
                        status: "unaffected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:amd:ryzen_7_7735hs_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_7_7735u_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_7_7736u_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_7535hs_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_7535u_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_3_7335u_firmware:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "affected",
                  product: "ryzen_3_7335u_firmware",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "rembrandtpi-fp7_1.0.0.5",
                        status: "unaffected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:amd:ryzen_9_7945hx3d_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_9_7945hx_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_9_7845hx_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_7_7745hx_firmware:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "affected",
                  product: "ryzen_7_7745hx_firmware",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "dragonrangefl1pi_1.0.0.3b",
                        status: "unaffected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:amd:ryzen_9_5900_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_9_5900x_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_9_5950x_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_7_5700_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_7_5700x_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_7_5800_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_7_5800x3d_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_7_5800x_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_5500_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_5600_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_5600x3d_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_5600x_firmware:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "affected",
                  product: "ryzen_5_5600x_firmware",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "comboam4v2_pi_1.2.0.8",
                        status: "unaffected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:amd:ryzen_5_3400g_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_pro_3350ge_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_pro_3350g_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_pro_3400ge_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_pro_3400g_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_3_3200ge_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_3_3200g_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_3_pro_3200ge_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_3_pro_3200g_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_7_5700ge_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_7_5700g_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_5500gt_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_5600ge_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_5600g_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_5600gt_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5300ge_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_3_5300g_firmware:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "affected",
                  product: "ryzen_3_5300g_firmware",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "cezannepi-fp6_1.0.0.c",
                        status: "unaffected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:amd:ryzen_9_5900hs_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_9_5900hx_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_9_5980hs_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_9_5980hx_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_7_5800h_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_7_5800hs_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_7_5800u_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_7_5825u_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_5500h_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_5560u_firmware:cezannepi-fp6_1.0.0.9:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_5600h_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_5600hs_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_5600u_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_5_5625u_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_3_5125c_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_3_5400u_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:ryzen_3_5425c_firmware:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "affected",
                  product: "ryzen_3_5425c_firmware",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "cezannepi-fp6_1.0.0.c",
                        status: "unaffected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:amd:athlon_3000g_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:athlon_gold_3150ge_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:athlon_gold_pro_3150ge_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:athlon_gold_pro_3150g_firmware:-:*:*:*:*:*:*:*",
                     "cpe:2.3:o:amd:athlon_pro_300ge_firmware:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "affected",
                  product: "athlon_pro_300ge_firmware",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "picassopi-fp5_1.0.0.e",
                        status: "unaffected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-23817",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-08-13T17:51:43.434721Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-120",
                        description: "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-08-16T20:27:19.545Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4V1  1.0.0.A/ComboAM4V2  1.2.0.9",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2 PI 1.2.0.8",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2 PI 1.2.0.8",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM5  1.0.8.0",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4PI  1.0.0.9",
                  },
                  {
                     status: "unaffected",
                     version: "ComboAM4v2 PI 1.2.0.8",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2 PI 1.2.0.8",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ 3000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CastlePeakPI-SP3r3  1.0.0.8",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ChagallWSPI-sWRX8  1.0.0.5",
                  },
                  {
                     status: "unaffected",
                     version: "CastlePeakWSPI-sWRX8  1.0.0.A",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ PRO 5000WX Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ChagallWSPI-sWRX8  1.0.0.5",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Mobile  Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "PicassoPI-FP5  1.0.0.E",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Mobile  Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "PollockPI-FT5  1.0.0.4",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "PicassoPI-FP5  1.0.0.E",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RenoirPI-FP6  1.0.0.A",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CezannePI-FP6 1.0.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CezannePI-FP6  1.0.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RembrandtPI-FP7 1.0.0.5",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RembrandtPI-FP7 1.0.0.5",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CezannePI-FP6 1.0.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CezannePI-FP6 1.0.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7045 Series Mobile Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "DragonRangeFL1PI 1.0.0.3b",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded R1000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI-FP5  1.2.0.A",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded R2000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedR2KPI-FP5 1.0.0.2",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded 5000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbAM4PI  1.0.0.2",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded 7000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedAM5PI  1.0.0.0",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V1000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI-FP5 1.2.0.A",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V2000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI-FP6 1.0.0.8",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V3000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI-FP7r2 1.0.0.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space, potentially leading to privilege escalation.",
                  },
               ],
               value: "Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space, potentially leading to privilege escalation.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-08-13T16:51:45.468Z",
            orgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
            shortName: "AMD",
         },
         references: [
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
      assignerShortName: "AMD",
      cveId: "CVE-2022-23817",
      datePublished: "2024-08-13T16:51:45.468Z",
      dateReserved: "2022-01-21T17:14:12.302Z",
      dateUpdated: "2024-08-16T20:27:19.545Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2024-21971 (GCVE-0-2024-21971)

Vulnerability from cvelistv5

Published

2025-02-12 00:01

Modified

2025-02-12 15:32

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

Improper input validation in AMD Crash Defender could allow an attacker to provide the Windows® system process ID to a kernel-mode driver, resulting in an operating system crash, potentially leading to denial of service.

References

▼	URL	Tags
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6008.html

Impacted products

Vendor

Product

Version

▼

AMD

AMD Ryzen™ 5000 Series Desktop Processors

AMD	AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 7000 Series Desktop Processors
AMD	AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics	Version: AMD Software: PRO Edition 24.Q2 (23.19.16.01)
AMD	AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics
AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 7030 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 7045 Series Mobile Processors
AMD	AMD Radeon™ RX 5000 Series Graphics Products
AMD	AMD Radeon™ PRO W5000 Series Graphics Products
AMD	AMD Radeon™ RX 7000 Series Graphics Products
AMD	AMD Radeon™ PRO W7000 Series Graphics Products
AMD	AMD Radeon™ VII
AMD	AMD Radeon™ PRO VII
AMD	AMD Radeon™ Instinct™ MI25
AMD	AMD Radeon™ PRO V520
AMD	AMD Radeon™ PRO V620
AMD	AMD Radeon™ PRO V710
AMD	AMD Ryzen™ Embedded R1000
AMD	AMD Ryzen™ Embedded R2000
AMD	AMD Ryzen™ Embedded 7000
AMD	AMD Ryzen™ Embedded V1000
AMD	AMD Ryzen™ Embedded V2000
AMD	AMD Ryzen™ Embedded V3000

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-21971",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-12T15:32:03.493834Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-12T15:32:39.200Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (24.10.20)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "affected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7030 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7045 Series Mobile Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Radeon™ RX 5000 Series Graphics Products",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Radeon™ PRO W5000 Series Graphics Products",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Radeon™ RX 7000 Series Graphics Products",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Radeon™ PRO W7000 Series Graphics Products",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Radeon™ VII",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (23.19.16)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Radeon™ PRO VII",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (23.19.16)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Radeon™ Instinct™ MI25",
               vendor: "AMD",
               versions: [
                  {
                     status: "unknown",
                     version: "Contact your AMD Customer  Engineering representative",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Radeon™ PRO V520",
               vendor: "AMD",
               versions: [
                  {
                     status: "unknown",
                     version: "Contact your AMD Customer  Engineering representative",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Radeon™ PRO V620",
               vendor: "AMD",
               versions: [
                  {
                     status: "unknown",
                     version: "Contact your AMD Customer  Engineering representative",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Radeon™ PRO V710",
               vendor: "AMD",
               versions: [
                  {
                     status: "unknown",
                     version: "Contact your AMD Customer  Engineering representative",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded R1000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "24.10.21.01",
                  },
                  {
                     status: "unaffected",
                     version: "23.19.16",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded R2000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "24.10.21.01",
                  },
                  {
                     status: "unaffected",
                     version: "23.19.16",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded 7000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "24.10.21.01",
                  },
                  {
                     status: "unaffected",
                     version: "23.19.16",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V1000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "24.10.21.01",
                  },
                  {
                     status: "unaffected",
                     version: "23.19.16",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V2000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "24.10.21.01",
                  },
                  {
                     status: "unaffected",
                     version: "23.19.16",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V3000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "24.10.21.01",
                  },
                  {
                     status: "unaffected",
                     version: "23.19.16",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Improper input validation in AMD Crash Defender could allow an attacker to provide the Windows® system process ID to a kernel-mode driver, resulting in an operating system crash, potentially leading to denial of service.",
                  },
               ],
               value: "Improper input validation in AMD Crash Defender could allow an attacker to provide the Windows® system process ID to a kernel-mode driver, resulting in an operating system crash, potentially leading to denial of service.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20 Improper Input Validation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-02-12T00:05:50.860Z",
            orgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
            shortName: "AMD",
         },
         references: [
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6008.html",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
      assignerShortName: "AMD",
      cveId: "CVE-2024-21971",
      datePublished: "2025-02-12T00:01:00.419Z",
      dateReserved: "2024-01-03T16:43:28.699Z",
      dateUpdated: "2025-02-12T15:32:39.200Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-20518 (GCVE-0-2023-20518)

Vulnerability from cvelistv5

Published

2024-08-13 16:52

Modified

2024-11-05 17:10

Severity ?

1.9 (Low) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N

Summary

Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.

References

▼	URL	Tags
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html	vendor-advisory
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html

Impacted products

Vendor

Product

Version

▼

AMD

AMD EPYC™ 9004 Series Processors

AMD	AMD Ryzen™ 3000 Series Desktop Processors
AMD	AMD Ryzen™ 5000 Series Desktop Processors
AMD	AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 7000 Series Desktop Processors
AMD	AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
AMD	AMD Ryzen™ Threadripper™ 3000 Series Processors
AMD	AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors
AMD	AMD Ryzen™ Threadripper™ PRO 5000WX Processors
AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ Embedded R1000 Series Processors
AMD	AMD Ryzen™ Embedded R2000 Series Processors
AMD	AMD Ryzen™ Embedded 5000 Series Processors
AMD	AMD Ryzen™ Embedded 7000 Series Processors
AMD	AMD Ryzen™ Embedded V1000 Series Processors	Version: various
AMD	AMD Ryzen™ Embedded V2000 Series Processors
AMD	AMD Ryzen™ Embedded V3000 Series Processors

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-20518",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-08-15T14:20:09.090291Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-459",
                        description: "CWE-459 Incomplete Cleanup",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-05T17:10:30.170Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ 9004 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "GenoaPI 1.0.0.4",
                     versionType: "PI",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4V1 1.0.0.A",
                  },
                  {
                     status: "unaffected",
                     version: "ComboAM4V2 1.2.0.A",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4V2 1.2.0.A",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4V2 1.2.0.A",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM5 1.0.0.6",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4V2 1.2.0.A",
                  },
                  {
                     status: "unaffected",
                     version: "ComboAM4V1 1.0.0.A",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4V2 1.2.0.A",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ 3000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CastlePeakPI-SP3r3  1.0.0.9",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ChagallWSPI-sWRX8  1.0.0.6",
                  },
                  {
                     status: "unaffected",
                     version: "CastlePeakWSPI-sWRX8  1.0.0.B",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ PRO 5000WX Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ChagallWSPI-sWRX8 1.0.0.6",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Mobile  Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "PicassoPI-FP5  1.0.0.F",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Mobile  Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "PollockPI-FT5   1.0.0.5",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "PicassoPI-FP5  1.0.0.F",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RenoirPI-FP6  1.0.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CezannePI-FP6 1.0.0.E",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CezannePI-FP6  1.0.0.E",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "MendocinoPI-FT6 1.0.0.4",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RembrandtPI-FP7 1.0.0.8",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RembrandtPI-FP7 1.0.0.8",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CezannePI-FP6 1.0.0.E",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CezannePI-FP6 1.0.0.E",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded R1000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI-FP5  1.2.0.A",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded R2000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedR2KPI-FP5 1.0.0.2",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded 5000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbAM4PI 1.0.0.3",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded 7000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedAM5PI  1.0.0.0",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "AMD Ryzen™ Embedded V1000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V2000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI-FP6 1.0.0.8",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V3000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI-FP7r2 1.0.0.5",
                  },
               ],
            },
         ],
         datePublic: "2024-08-13T16:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\">&nbsp;Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.<div><div><div>\n\n</div>\n\n</div>\n\n</div>\n\n\n\n\n\n</span>",
                  },
               ],
               value: "Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 1.9,
                  baseSeverity: "LOW",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-08-13T16:52:55.976Z",
            orgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
            shortName: "AMD",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html",
            },
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html",
            },
         ],
         source: {
            advisory: "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
      assignerShortName: "AMD",
      cveId: "CVE-2023-20518",
      datePublished: "2024-08-13T16:52:55.976Z",
      dateReserved: "2022-10-27T18:53:39.736Z",
      dateUpdated: "2024-11-05T17:10:30.170Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-20507 (GCVE-0-2023-20507)

Vulnerability from cvelistv5

Published

2025-02-11 21:02

Modified

2025-02-12 15:35

Severity ?

2.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Summary

An integer overflow in the ASP could allow a privileged attacker to perform an out-of-bounds write, potentially resulting in loss of data integrity.

References

▼	URL	Tags
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html

Impacted products

Vendor

Product

Version

▼

AMD

AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics

	AMD	AMD Ryzen™ 7000 Series Desktop Processors
	AMD	AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 7000 Series Mobile Processors
	AMD	AMD Ryzen™ Embedded 5000
	AMD	AMD Ryzen™ Embedded 7000
	AMD	AMD Ryzen™ Embedded V2000
	AMD	AMD Ryzen™ Embedded V3000

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-20507",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-11T21:24:37.969159Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-12T15:35:16.344Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4V2  1.2.0.A",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM5  1.0.0.6",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4V2  1.2.0.A",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4V2  1.2.0.A",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM5  1.0.0.6",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RenoirPI-FP6  1.0.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CezannePI-FP6 1.0.0.E",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "MendocinoPI-FT6 1.0.0.5",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RembrandtPI-FP7 1.0.0.8",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RembrandtPI-FP7 1.0.0.8",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7000 Series Mobile Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "DragonRangeFL1 1.0.0.2b",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded 5000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbAM4PI 1.0.0.5",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded 7000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedAM5PI 1.0.0.0",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V2000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI-FP6 1.0.0.8",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V3000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI-FP7r2 1.0.0.6",
                  },
               ],
            },
         ],
         datePublic: "2025-02-11T21:01:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "An integer overflow in the ASP could allow a privileged attacker to perform an out-of-bounds write, potentially resulting in loss of data integrity.",
                  },
               ],
               value: "An integer overflow in the ASP could allow a privileged attacker to perform an out-of-bounds write, potentially resulting in loss of data integrity.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 2.3,
                  baseSeverity: "LOW",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-190",
                     description: "CWE-190 Integer Overflow or Wraparound",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-02-11T21:04:31.393Z",
            orgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
            shortName: "AMD",
         },
         references: [
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html",
            },
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
      assignerShortName: "AMD",
      cveId: "CVE-2023-20507",
      datePublished: "2025-02-11T21:02:54.581Z",
      dateReserved: "2022-10-27T18:53:39.735Z",
      dateUpdated: "2025-02-12T15:35:16.344Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-31342 (GCVE-0-2023-31342)

Vulnerability from cvelistv5

Published

2025-02-11 22:24

Modified

2025-02-12 15:35

Severity ?

7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Summary

Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.

References

▼	URL	Tags
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html

Impacted products

Vendor

Product

Version

▼

AMD

AMD EPYC™ 7003 Processors

	AMD	AMD EPYC™ 9004 Processors
	AMD	AMD Instinct™ MI300A
	AMD	AMD Ryzen™ 3000 Series Desktop Processors
	AMD	AMD Ryzen™ 5000 Series Desktop Processors
	AMD	AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 7000 Series Desktop Processors
	AMD	AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors
	AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 7000 Series Mobile Processors
	AMD	AMD EPYC™ Embedded 7003
	AMD	AMD EPYC™ Embedded 9004
	AMD	AMD Ryzen™ Embedded R1000
	AMD	AMD Ryzen™ Embedded R2000
	AMD	AMD Ryzen™ Embedded 5000
	AMD	AMD Ryzen™ Embedded 7000
	AMD	AMD Ryzen™ Embedded V2000
	AMD	AMD Ryzen™ Embedded V3000

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-31342",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-12T15:35:29.149040Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-12T15:35:57.126Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ 7003 Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "MilanPI 1.0.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ 9004 Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "GenoaPI 1.0.0.B",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Instinct™ MI300A",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "MI300API 1.0.0.5",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM5 1.1.0.2",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM5 1.1.0.2",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ChagallWSPI-sWRX8 1.0.0.7",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "Pollock-FT5 1.0.0.7",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "Picasso-FP5 1.0.1.1",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RenoirPI-FP6 1.0.0.D",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "Cezanne-FP6 1.0.1.0",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "MendocinoPI-FT6 1.0.0.6",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "Rembrandt-FP7 1.0.0.A",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "Rembrandt-FP7 1.0.0.A",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "PhoenixPI-FP8-FP7 1.1.0.2",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7000 Series Mobile Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "DragonRangeFL1PI 1.0.0.3C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ Embedded 7003",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbMilanPI-SP3  1.0.0.8",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ Embedded 9004",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbGenoaPI-SP5 1.0.0.6",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded R1000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI-FP5 1.2.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded R2000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedR2KPI-FP5 1.0.0.3",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded 5000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbAM4PI 1.0.0.5",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded 7000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedAM5PI 1.0.0.1",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V2000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI-FP6 1.0.0.9",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V3000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "Embedded-PI FP7r2 1.0.0.9",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.",
                  },
               ],
               value: "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20 Improper Input Validation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-02-11T22:24:02.153Z",
            orgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
            shortName: "AMD",
         },
         references: [
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html",
            },
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html",
            },
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
      assignerShortName: "AMD",
      cveId: "CVE-2023-31342",
      datePublished: "2025-02-11T22:24:02.153Z",
      dateReserved: "2023-04-27T15:25:41.425Z",
      dateUpdated: "2025-02-12T15:35:57.126Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-20515 (GCVE-0-2023-20515)

Vulnerability from cvelistv5

Published

2025-02-11 21:16

Modified

2025-02-12 15:35

Severity ?

5.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

Summary

Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integrity, confidentiality, or availability.

References

▼	URL	Tags
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html

Impacted products

Vendor

Product

Version

▼

AMD

AMD Ryzen™ 3000 Series Desktop Processors

AMD	AMD Ryzen™ 5000 Series Desktop Processors
AMD	AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 7000 Series Desktop Processors
AMD	AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics
AMD	AMD Ryzen™ Threadripper™ 3000 Series Processors
AMD	AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors
AMD	AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors
AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 7000 Series Mobile Processors
AMD	AMD Ryzen™ Embedded R1000
AMD	AMD Ryzen™ Embedded R2000
AMD	AMD Ryzen™ Embedded 5000
AMD	AMD Ryzen™ Embedded 7000
AMD	AMD Ryzen™ Embedded V2000
AMD	AMD Ryzen™ Embedded V1000	Version: No Fix Planned
AMD	AMD Ryzen™ Embedded V3000

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-20515",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-12T14:03:56.637259Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-12T15:35:01.957Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.CA",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.CA",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.CA",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM5 1.0.8.0",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.CA",
                  },
                  {
                     status: "unaffected",
                     version: "ComboAM4PI 1.0.0.B",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.CA",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM5 1.0.8.0",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ 3000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CastlePeakPI-SP3r3 1.0.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CastlePeakWSPI-sWRX8  1.0.0.E",
                  },
                  {
                     status: "unaffected",
                     version: "ChagallWSPI-sWRX8 1.0.0.9",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ChagallWSPI-sWRX8 1.0.0.7",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "Pollock-FT5 1.0.0.7",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "Picasso-FP5 1.0.1.1",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RenoirPI-FP6 1.0.0.D",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "Cezanne-FP6 1.0.1.0",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "MendocinoPI-FT6 1.0.0.6",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RembrandtPI-FP7 1.0.0.9b",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RembrandtPI-FP7 1.0.0.9b",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "PhoenixPI-FP8-FP7 1.0.8.0",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7000 Series Mobile Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "DragonRangeFL1PI 1.0.0.3b",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded R1000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI-FP5 1.2.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded R2000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedR2KPI-FP5 1.0.0.3",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded 5000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbAM4PI 1.0.0.5",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded 7000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedAM5PI 1.0.0.0",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V2000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI-FP6 1.0.0.9",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V1000",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "No Fix Planned",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V3000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "Embedded-PIFP7r2 1.0.0.8",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integrity, confidentiality, or availability.",
                  },
               ],
               value: "Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integrity, confidentiality, or availability.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "LOW",
                  baseScore: 5.7,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "HIGH",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-1284",
                     description: "CWE-1284 Improper Validation of Specified Quantity in Input",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-02-11T21:16:29.016Z",
            orgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
            shortName: "AMD",
         },
         references: [
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html",
            },
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
      assignerShortName: "AMD",
      cveId: "CVE-2023-20515",
      datePublished: "2025-02-11T21:16:29.016Z",
      dateReserved: "2022-10-27T18:53:39.736Z",
      dateUpdated: "2025-02-12T15:35:01.957Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2024-21925 (GCVE-0-2024-21925)

Vulnerability from cvelistv5

Published

2025-02-11 20:39

Modified

2025-02-12 15:35

Severity ?

8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Summary

Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution.

References

▼	URL	Tags
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7027.html

Impacted products

Vendor

Product

Version

▼

AMD

AMD EPYC™ 7001 Processors

	AMD	AMD EPYC™ 7002 Processors
	AMD	AMD EPYC™ 9004 Processors
	AMD	AMD EPYC™ 7003 Processors
	AMD	AMD Ryzen™ 3000 Series Desktop Processors
	AMD	AMD Ryzen™ 5000 Series Desktop Processors
	AMD	AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 7000 Series Desktop Processors
	AMD	AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ Threadripper™ 3000 Series Processors
	AMD	AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors
	AMD	AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors
	AMD	AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors
	AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 7000 Series Mobile Processors
	AMD	AMD EPYC™ Embedded 3000
	AMD	AMD EPYC™ Embedded 7002
	AMD	AMD EPYC™ Embedded 7003
	AMD	AMD EPYC™ Embedded 9004
	AMD	AMD Ryzen™ Embedded 5000
	AMD	AMD Ryzen™ Embedded 7000
	AMD	AMD Ryzen™ Embedded V2000
	AMD	AMD Ryzen™ Embedded V3000
	AMD	AMD Ryzen™ Embedded 8000

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-21925",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-11T21:01:07.683566Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-12T15:35:34.994Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unknown",
               product: "AMD EPYC™ 7001 Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "Naples PI 1.0.0.N",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD EPYC™ 7002 Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "Rome PI 1.0.0.K",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD EPYC™ 9004 Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "Genoa PI 1.0.0.D",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD EPYC™ 7003 Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "Milan PI 1.0.0.E",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Ryzen™ 3000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4PI  1.0.0.C",
                  },
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.D",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Ryzen™ 5000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.D",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.D",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Ryzen™ 7000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM5PI 1.2.0.2b",
                  },
                  {
                     status: "unaffected",
                     version: "ComboAM5PI 1.1.0.3b",
                  },
                  {
                     status: "unaffected",
                     version: "ComboAM5PI 1.0.0.a",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4PI  1.0.0.C",
                  },
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.D",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.D",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM5PI 1.2.0.2b",
                  },
                  {
                     status: "unaffected",
                     version: "ComboAM5PI 1.1.0.3b",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Ryzen™ Threadripper™ 3000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CastlePeakPI-SP3r3  1.0.0.D",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CastlePeakWSPI-sWRX8 1.0.0.F",
                  },
                  {
                     status: "unaffected",
                     version: "ChagallWSPI-sWRX8 1.0.0.9",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ChagallWSPI-sWRX8 1.0.0.9",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "StormPeakPI-SP6  1.1.0.0h",
                  },
                  {
                     status: "unaffected",
                     version: "StormPeakPI-SP6  1.0.0.1j",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Athlon™ 3000 Series Mobile  Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "PicassoPI-FP5 1.0.1.2a",
                  },
                  {
                     status: "unaffected",
                     version: "PollockPI-FT5 1.0.0.8a",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "PicassoPI-FP5 1.0.1.2a",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RenoirPI-FP6 1.0.0.Ea",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CezannePI-FP6 1.0.1.1a",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "MendocinoPI-FT6 1.0.0.7a",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RembrandtPI-FP7  1.0.0.Ba",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RembrandtPI-FP7  1.0.0.Ba",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "PhoenixPI-FP8-FP7 1.1.8.0",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "PhoenixPI-FP8-FP7 1.1.8.0",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Ryzen™ 7000 Series Mobile Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "DragonRangeFL1PI 1.0.0.3f",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD EPYC™ Embedded 3000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "SnowyOwlPI 1.1.0.E",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD EPYC™ Embedded 7002",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbRomePI-SP3 1.0.0.D",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD EPYC™ Embedded 7003",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbMilanPI-SP3 1.0.0.A",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD EPYC™ Embedded 9004",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbGenoaPI 1.0.0.9",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Ryzen™ Embedded 5000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbAM4PI 1.0.0.7",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Ryzen™ Embedded 7000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedV2KAPI-FP6 1.0.0.7",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Ryzen™ Embedded V2000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI-FP6 1.0.0.B",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Ryzen™ Embedded V3000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI_FP7R2 1.0.0.C",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Ryzen™ Embedded 8000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPhoenixPI-FP7r2_1.2.0.0",
                  },
               ],
            },
         ],
         datePublic: "2025-02-11T17:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution.",
                  },
               ],
               value: "Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 8.2,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20 Improper Input Validation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-02-11T20:39:03.746Z",
            orgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
            shortName: "AMD",
         },
         references: [
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7027.html",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
      assignerShortName: "AMD",
      cveId: "CVE-2024-21925",
      datePublished: "2025-02-11T20:39:03.746Z",
      dateReserved: "2024-01-03T16:43:09.232Z",
      dateUpdated: "2025-02-12T15:35:34.994Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2021-26387 (GCVE-0-2021-26387)

Vulnerability from cvelistv5

Published

2024-08-13 16:50

Modified

2024-10-30 17:59

Severity ?

3.9 (Low) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L

Summary

Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity.

References

▼	URL	Tags
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html	vendor-advisory
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html

Impacted products

Vendor

Product

Version

▼

AMD

AMD EPYC™ 7001 Series Processors

Version: various

AMD	AMD EPYC™ 7002 Series Processors	Version: various
AMD	AMD EPYC™ 7003 Series Processors	Version: various
AMD	AMD EPYC™ 9004 Series Processors	Version: various
AMD	AMD Ryzen™ 3000 Series Desktop Processors
AMD	AMD Ryzen™ 5000 Series Desktop Processors
AMD	AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 7000 Series Desktop Processors
AMD	AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
AMD	AMD Ryzen™ Threadripper™ 3000 Series Processors
AMD	AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors
AMD	AMD Ryzen™ Threadripper™ PRO 5000WX Processors
AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics
AMD	AMD EPYC™ Embedded 3000 Series Processors	Version: various
AMD	AMD EPYC™ Embedded 7002 Series Processors	Version: various
AMD	AMD EPYC™ Embedded 7003 Series Processors	Version: various
AMD	AMD EPYC™ Embedded 9003 Series Processors	Version: various
AMD	AMD Ryzen™ Embedded R1000 Series Processors
AMD	AMD Ryzen™ Embedded R2000 Series Processors
AMD	AMD Ryzen™ Embedded 5000 Series Processors
AMD	AMD Ryzen™ Embedded V1000 Series Processors
AMD	AMD Ryzen™ Embedded V2000 Series Processors
AMD	AMD Ryzen™ Embedded V3000 Series Processors

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-26387",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-08-14T15:47:34.441746Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-863",
                        description: "CWE-863 Incorrect Authorization",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-30T17:59:30.394Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "affected",
               packageName: "PI",
               product: "AMD EPYC™ 7001 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                     versionType: "PI",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ 7002 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ 7003 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ 9004 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4PI 1.0.0.9",
                  },
                  {
                     status: "unaffected",
                     version: "ComboAM4 V2 PI 1.2.0.8",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4 V2 PI 1.2.0.8",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2 PI 1.2.0.6",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM5 1.0.8.0",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4PI 1.0.0.9",
                  },
                  {
                     status: "unaffected",
                     version: "ComboAM4v2 PI 1.2.0.8",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2 PI 1.2.0.5",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ 3000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CastlePeakPI-SP3r3  1.0.0.7",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ChagallWSPI-sWRX8 1.0.0.2",
                  },
                  {
                     status: "unaffected",
                     version: "CastlePeakWSPI-sWRX8 1.0.0.9",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ PRO 5000WX Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ChagallWSPI-sWRX8 1.0.0.2",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Mobile  Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "PicassoPI-FP5  1.0.0.E",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Mobile  Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "PollockPI-FT5  1.0.0.4",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "PicassoPI-FP5  1.0.0.E",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RenoirPI-FP6  1.0.0.8",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CezannePI-FP6 1.0.0.9",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CezannePI-FP6  1.0.0.9",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RembrandtPI-FP7 1.0.0.9b",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RembrandtPI-FP7 1.0.0.9b",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CezannePI-FP6 1.0.0.9",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CezannePI-FP6 1.0.0.9",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ Embedded 3000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ Embedded 7002 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ Embedded 7003 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ Embedded 9003 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded R1000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI-FP5 1.2.0.A",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded R2000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedR2KPI-FP5 1.0.0.2",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded 5000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbAM4PI  1.0.0.2",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V1000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI-FP5 1.2.0.A",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V2000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI-FP6 1.0.0.6",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V3000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI-FP7r2 1.0.0.9",
                  },
               ],
            },
         ],
         datePublic: "2024-08-13T16:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\">Insufficient access controls in ASP kernel may allow a\nprivileged attacker with access to AMD signing keys and the BIOS menu or UEFI\nshell to map DRAM regions in protected <a target=\"_blank\" rel=\"nofollow\">areas,</a>&nbsp;potentially leading to a loss of platform integrity.<div><div><div>\n\n</div>\n\n</div>\n\n</div>\n\n\n\n\n\n</span>",
                  },
               ],
               value: "Insufficient access controls in ASP kernel may allow a\nprivileged attacker with access to AMD signing keys and the BIOS menu or UEFI\nshell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "LOW",
                  baseScore: 3.9,
                  baseSeverity: "LOW",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "HIGH",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-08-13T16:50:22.151Z",
            orgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
            shortName: "AMD",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html",
            },
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html",
            },
         ],
         source: {
            advisory: "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
      assignerShortName: "AMD",
      cveId: "CVE-2021-26387",
      datePublished: "2024-08-13T16:50:22.151Z",
      dateReserved: "2021-01-29T21:24:26.161Z",
      dateUpdated: "2024-10-30T17:59:30.394Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2021-46746 (GCVE-0-2021-46746)

Vulnerability from cvelistv5

Published

2024-08-13 16:50

Modified

2024-10-31 13:57

Severity ?

5.2 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H

Summary

Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing keys to c006Frrupt the return address, causing a stack-based buffer overrun, potentially leading to a denial of service.

References

▼	URL	Tags
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html	vendor-advisory

Impacted products

Vendor

Product

Version

▼

AMD

AMD EPYC™ 7001 Processors

Version: various

AMD	AMD EPYC™ 7002 Processors	Version: various
AMD	AMD EPYC™ 7003 Processors	Version: various
AMD	AMD EPYC™ 9004 Processors	Version: various
AMD	AMD Ryzen™ 3000 Series Desktop Processors
AMD	AMD Ryzen™ 5000 Series Desktop Processors
AMD	AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 7000 Series Desktop Processors	Version: ComboAM5 1.0.8.0
AMD	AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
AMD	AMD Ryzen™ Threadripper™ 3000 Series Processors
AMD	AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors
AMD	AMD Ryzen™ Threadripper™ PRO 5000WX Processors
AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics	Version: PollockPI-FT5 1.0.0.4
AMD	AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 7045 Series Mobile Processors
AMD	AMD EPYC™ Embedded 3000 Series Processors	Version: various
AMD	AMD EPYC™ Embedded 7002 Series Processors	Version: various
AMD	AMD EPYC™ Embedded 7003 Series Processors	Version: various
AMD	AMD EPYC™ Embedded 9003 Series Processors	Version: various
AMD	AMD Ryzen™ Embedded R1000 Series Processors
AMD	AMD Ryzen™ Embedded R2000 Series Processors
AMD	AMD Ryzen™ Embedded 5000 Series Processors
AMD	AMD Ryzen™ Embedded 7000 Series Processors
AMD	AMD Ryzen™ Embedded V1000 Series Processors
AMD	AMD Ryzen™ Embedded V2000 Series Processors
AMD	AMD Ryzen™ Embedded V3000 Series Processors

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-46746",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-08-14T16:06:22.367564Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-120",
                        description: "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-31T13:57:25.237Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ 7001 Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                     versionType: "PI",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ 7002 Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ 7003 Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ 9004 Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4PI 1.0.0.9",
                  },
                  {
                     status: "unaffected",
                     version: "ComboAM4 V2 PI 1.2.0.8",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4V2 PI 1.2.0.8",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2 PI 1.2.0.5",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "ComboAM5 1.0.8.0",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4PI 1.0.0.9",
                  },
                  {
                     status: "unaffected",
                     version: "ComboAM4v2 PI 1.2.0.8",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2 PI 1.2.0.5",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ 3000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CastlePeakPI-SP3r3  1.0.0.7",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ChagallWSPI-sWRX8 1.0.0.2",
                  },
                  {
                     status: "unaffected",
                     version: "CastlePeakWSPI-sWRX8 1.0.0.9",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ PRO 5000WX Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ChagallWSPI-sWRX8 1.0.0.2",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Mobile  Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "PicassoPI-FP5  1.0.0.E",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Mobile  Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "PollockPI-FT5  1.0.0.4",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "PicassoPI-FP5 1.0.0.E",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RenoirPI-FP6 1.0.0.8",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CezannePI-FP6 1.0.0.8",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CezannePI-FP6 1.0.0.8",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "MendocinoPI-FT6 1.0.0.6",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RembrandtPI-FP7 1.0.0.5",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RembrandtPI-FP7 1.0.0.5",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CezannePI-FP6 1.0.0.8",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CezannePI-FP6 1.0.0.8",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7045 Series Mobile Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "DragonRangeFL1PI 1.0.0.3b",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ Embedded 3000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ Embedded 7002 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ Embedded 7003 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ Embedded 9003 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded R1000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI-FP5  1.2.0.A",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded R2000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedR2KPI-FP5 1.0.0.2",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded 5000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbAM4PI  1.0.0.2",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded 7000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedAM5PI  1.0.0.0",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V1000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI-FP5 1.2.0.A",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V2000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI-FP6 1.0.0.6",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V3000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI-FP7r2 1.0.0.2",
                  },
               ],
            },
         ],
         datePublic: "2024-08-13T16:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\">Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (<a target=\"_blank\" rel=\"nofollow\">TEE</a>) may allow a privileged attacker with access to AMD signing\nkeys to c006Frrupt the return address, causing a\nstack-based buffer overrun, <a target=\"_blank\" rel=\"nofollow\">potentially</a>&nbsp;leading to a denial of service.<div><div><div>\n\n</div>\n\n</div>\n\n</div>\n\n\n\n\n\n<div><div><div>\n\n</div>\n\n</div>\n\n</div>\n\n\n\n\n\n</span>",
                  },
               ],
               value: "Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing\nkeys to c006Frrupt the return address, causing a\nstack-based buffer overrun, potentially leading to a denial of service.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 5.2,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-08-13T16:50:51.023Z",
            orgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
            shortName: "AMD",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html",
            },
         ],
         source: {
            advisory: "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
      assignerShortName: "AMD",
      cveId: "CVE-2021-46746",
      datePublished: "2024-08-13T16:50:51.023Z",
      dateReserved: "2022-03-31T16:50:27.864Z",
      dateUpdated: "2024-10-31T13:57:25.237Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-31343 (GCVE-0-2023-31343)

Vulnerability from cvelistv5

Published

2025-02-11 22:35

Modified

2025-02-12 15:35

Severity ?

7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Summary

Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.

References

▼	URL	Tags
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html

Impacted products

Vendor

Product

Version

▼

AMD

AMD EPYC™ 7003 Processors

AMD	AMD EPYC™ 9004 Processors
AMD	AMD Instinct™ MI300A
AMD	AMD Ryzen™ 3000 Series Desktop Processors
AMD	AMD Ryzen™ 5000 Series Desktop Processors
AMD	AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 7000 Series Desktop Processors
AMD	AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics
AMD	AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors
AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 7000 Series Mobile Processors
AMD	AMD EPYC™ Embedded 7003
AMD	AMD EPYC™ Embedded 9004
AMD	AMD Ryzen™ Embedded R1000
AMD	AMD Ryzen™ Embedded R2000	Version: "EmbeddedR2KPI-FP5 1.0.0.3"
AMD	AMD Ryzen™ Embedded 5000
AMD	AMD Ryzen™ Embedded 7000
AMD	AMD Ryzen™ Embedded V2000
AMD	AMD Ryzen™ Embedded V3000

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-31343",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-12T15:34:57.941103Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-12T15:35:05.712Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ 7003 Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "MilanPI 1.0.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ 9004 Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "GenoaPI 1.0.0.B",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Instinct™ MI300A",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "MI300API 1.0.0.5",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM5 1.1.0.2",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM5 1.1.0.2",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ChagallWSPI-sWRX8 1.0.0.7",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"Pollock-FT5 1.0.0.7\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"Picasso-FP5 1.0.1.1\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"RenoirPI-FP6 1.0.0.D\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"Cezanne-FP6 1.0.1.0\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"MendocinoPI-FT6 1.0.0.6\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"Rembrandt-FP7 1.0.0.A\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"Rembrandt-FP7 1.0.0.A\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"PhoenixPI-FP8-FP7 1.1.0.2\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7000 Series Mobile Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"DragonRangeFL1PI 1.0.0.3C\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ Embedded 7003",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"EmbMilanPI-SP3  1.0.0.8\"",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "AMD EPYC™ Embedded 9004",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbGenoaPI-SP5 1.0.0.6",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "AMD Ryzen™ Embedded R1000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"EmbeddedPI-FP5 1.2.0.C\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded R2000",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "\"EmbeddedR2KPI-FP5 1.0.0.3\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded 5000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"EmbAM4PI 1.0.0.5\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded 7000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedAM5PI 1.0.0.1",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V2000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"EmbeddedPI-FP6 1.0.0.9\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V3000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"Embedded-PI FP7r2 1.0.0.9\"",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.<br>",
                  },
               ],
               value: "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20 Improper Input Validation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-02-11T22:35:04.110Z",
            orgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
            shortName: "AMD",
         },
         references: [
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html",
            },
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html",
            },
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
      assignerShortName: "AMD",
      cveId: "CVE-2023-31343",
      datePublished: "2025-02-11T22:35:04.110Z",
      dateReserved: "2023-04-27T15:25:41.426Z",
      dateUpdated: "2025-02-12T15:35:05.712Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2021-46772 (GCVE-0-2021-46772)

Vulnerability from cvelistv5

Published

2024-08-13 16:50

Modified

2024-11-05 21:18

Severity ?

3.9 (Low) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L

Summary

Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in memory corruption or denial of service.

References

▼	URL	Tags
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html	vendor-advisory
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html

Impacted products

Vendor

Product

Version

▼

AMD

AMD EPYC™ 7002 Series Processors

AMD	AMD EPYC™ 7003 Series Processors
AMD	AMD Ryzen™ 3000 Series Desktop Processors	Version: various
AMD	AMD Ryzen™ 5000 Series Desktop Processors
AMD	AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics	Version: ComboAM4V2 1.2.0.A
AMD	AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics	Version: various
AMD	AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics	Version: various
AMD	AMD Ryzen™ Threadripper™ 3000 Series Processors	Version: various
AMD	AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors
AMD	AMD Ryzen™ Threadripper™ PRO 5000WX Processors
AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics	Version: various
AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics	Version: various
AMD	AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics	Version: various
AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics	Version: various
AMD	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics	Version: various
AMD	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics
AMD	AMD EPYC™ Embedded 7002 Series Processors
AMD	AMD EPYC™ Embedded 7003 Series Processors
AMD	AMD Ryzen™ Embedded R1000 Series Processors	Version: various
AMD	AMD Ryzen™ Embedded R2000 Series Processors	Version: various
AMD	AMD Ryzen™ Embedded 5000 Series Processors	Version: various
AMD	AMD Ryzen™ Embedded V1000 Series Processors	Version: various
AMD	AMD Ryzen™ Embedded V2000 Series Processors	Version: various
AMD	AMD Ryzen™ Embedded V3000 Series Processors

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-46772",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-08-15T14:19:27.997821Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-125",
                        description: "CWE-125 Out-of-bounds Read",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
               {
                  descriptions: [
                     {
                        cweId: "CWE-787",
                        description: "CWE-787 Out-of-bounds Write",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-05T21:18:50.631Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ 7002 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RomePI 1.0.0.E",
                     versionType: "PI",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ 7003 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "MilanPI 1.0.0.9",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4V2 1.2.0.A",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "ComboAM4V2 1.2.0.A",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ 3000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ChagallWSPI-sWRX8 1.0.0.6",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ PRO 5000WX Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ChagallWSPI-sWRX8 1.0.0.6",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Mobile  Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Mobile  Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CezannePI-FP6  1.0.0.E",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "MendocinoPI-FT6 1.0.0.3",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RembrandtPI-FP7 1.0.0.7",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RembrandtPI-FP7 1.0.0.7",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CezannePI-FP6 1.0.0.E",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CezannePI-FP6 1.0.0.E",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ Embedded 7002 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbRomePI-SP3  1.0.0.8",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ Embedded 7003 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbMilanPI-SP3  1.0.0.5",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded R1000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded R2000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded 5000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V1000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V2000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V3000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI-FP7r2 1.0.0.4",
                  },
               ],
            },
         ],
         datePublic: "2024-08-13T16:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\">Insufficient input validation in the ABL may allow a privileged\nattacker with access to the BIOS menu or UEFI shell to tamper with the\nstructure headers in SPI ROM causing an out of bounds memory read and write,\npotentially resulting in memory corruption or denial of service.\n\n\n\n<div><div><div>\n\n</div>\n\n</div>\n\n</div>\n\n\n\n\n\n</span>",
                  },
               ],
               value: "Insufficient input validation in the ABL may allow a privileged\nattacker with access to the BIOS menu or UEFI shell to tamper with the\nstructure headers in SPI ROM causing an out of bounds memory read and write,\npotentially resulting in memory corruption or denial of service.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "LOW",
                  baseScore: 3.9,
                  baseSeverity: "LOW",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "HIGH",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-08-13T16:50:54.016Z",
            orgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
            shortName: "AMD",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html",
            },
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html",
            },
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html",
            },
         ],
         source: {
            advisory: "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
      assignerShortName: "AMD",
      cveId: "CVE-2021-46772",
      datePublished: "2024-08-13T16:50:54.016Z",
      dateReserved: "2022-03-31T16:50:27.872Z",
      dateUpdated: "2024-11-05T21:18:50.631Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-31345 (GCVE-0-2023-31345)

Vulnerability from cvelistv5

Published

2025-02-11 23:49

Modified

2025-02-12 15:33

Severity ?

7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Summary

Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.

References

▼	URL	Tags
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html

Impacted products

Vendor

Product

Version

▼

AMD

AMD EPYC™ 7003 Processors

Version: MilanPI 1.0.0.C

	AMD	AMD EPYC™ 9004 Processors
	AMD	AMD Instinct™ MI300A
	AMD	AMD Ryzen™ 3000 Series Desktop Processors
	AMD	AMD Ryzen™ 5000 Series Desktop Processors
	AMD	AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 7000 Series Desktop Processors
	AMD	AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors
	AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 7000 Series Mobile Processors
	AMD	AMD EPYC™ Embedded 7003
	AMD	AMD EPYC™ Embedded 9004
	AMD	AMD Ryzen™ Embedded 5000
	AMD	AMD Ryzen™ Embedded 7000
	AMD	AMD Ryzen™ Embedded V2000
	AMD	AMD Ryzen™ Embedded V3000

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-31345",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-12T15:32:58.953979Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-12T15:33:04.071Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ 7003 Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "MilanPI 1.0.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ 9004 Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "GenoaPI 1.0.0.B",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Instinct™ MI300A",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "MI300API 1.0.0.5",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM5 1.1.0.2",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM5 1.1.0.2",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ChagallWSPI-sWRX8 1.0.0.7",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"Pollock-FT5 1.0.0.7\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"Picasso-FP5 1.0.1.1\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"RenoirPI-FP6 1.0.0.D\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"Cezanne-FP6 1.0.1.0\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"MendocinoPI-FT6 1.0.0.6\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"Rembrandt-FP7 1.0.0.A\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"Rembrandt-FP7 1.0.0.A\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"PhoenixPI-FP8-FP7 1.1.0.2\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7000 Series Mobile Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"DragonRangeFL1PI 1.0.0.3C\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ Embedded 7003",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"EmbMilanPI-SP3  1.0.0.8\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ Embedded 9004",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbGenoaPI-SP5 1.0.0.6",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded 5000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"EmbAM4PI 1.0.0.5\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded 7000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedAM5PI 1.0.0.1",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V2000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"EmbeddedPI-FP6 1.0.0.9\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V3000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"Embedded-PI FP7r2 1.0.0.9\"",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.",
                  },
               ],
               value: "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20 Improper Input Validation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-02-11T23:49:05.388Z",
            orgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
            shortName: "AMD",
         },
         references: [
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html",
            },
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html",
            },
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
      assignerShortName: "AMD",
      cveId: "CVE-2023-31345",
      datePublished: "2025-02-11T23:49:05.388Z",
      dateReserved: "2023-04-27T15:25:41.427Z",
      dateUpdated: "2025-02-12T15:33:04.071Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-20508 (GCVE-0-2023-20508)

Vulnerability from cvelistv5

Published

2025-02-11 23:34

Modified

2025-02-12 15:33

Severity ?

5.0 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

Summary

Improper access control in the ASP could allow a privileged attacker to perform an out-of-bounds write to a memory location not controlled by the attacker, potentially leading to loss of confidentiality, integrity, or availability.

References

▼	URL	Tags
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6008.html

Impacted products

Vendor

Product

Version

▼

AMD

AMD Radeon™ RX 6000 Series Graphics Products

	AMD	AMD Radeon™ PRO W6000 Series Graphics Products
	AMD	AMD Radeon™ Instinct™ MI25
	AMD	AMD Radeon™ PRO V520
	AMD	AMD Radeon™ PRO V620
	AMD	AMD Radeon™ PRO V710
	AMD	AMD Instinct™ MI300A
	AMD	AMD Instinct™ MI300X
	AMD	AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
	AMD	AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
	AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 5000 Series Desktop Processors
	AMD	AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 7030 Series Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 7000 Series Desktop Processors
	AMD	AMD Ryzen™ 7045 Series Mobile Processors

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-20508",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-12T15:33:25.967588Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-12T15:33:36.214Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "affected",
               product: "AMD Radeon™ RX 6000 Series Graphics Products",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (24.10.20)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Radeon™ PRO W6000 Series Graphics Products",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (24.10.20)",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Radeon™ Instinct™ MI25",
               vendor: "AMD",
               versions: [
                  {
                     status: "unknown",
                     version: "Contact your AMD Customer  Engineering representative",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Radeon™ PRO V520",
               vendor: "AMD",
               versions: [
                  {
                     status: "unknown",
                     version: "Contact your AMD Customer  Engineering representative",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Radeon™ PRO V620",
               vendor: "AMD",
               versions: [
                  {
                     status: "unknown",
                     version: "Contact your AMD Customer  Engineering representative",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Radeon™ PRO V710",
               vendor: "AMD",
               versions: [
                  {
                     status: "unknown",
                     version: "Contact your AMD Customer  Engineering representative",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Instinct™ MI300A",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "MI300PI 1.0.0.5",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Instinct™ MI300X",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "BKC 24.12",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (24.10.20)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (24.10.20)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (24.10.20)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (24.10.20)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (24.10.20)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (24.10.20)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (24.10.20)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (24.10.20)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (24.10.20)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (24.10.20)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (24.10.20)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (24.10.20)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (24.10.20)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (24.10.20)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (24.10.20)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7030 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (24.10.20)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (24.10.20)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (24.10.20)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7045 Series Mobile Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (24.10.20)",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Improper access control in the ASP could allow a privileged attacker to perform an out-of-bounds write to a memory location not controlled by the attacker, potentially leading to loss of confidentiality, integrity, or availability.",
                  },
               ],
               value: "Improper access control in the ASP could allow a privileged attacker to perform an out-of-bounds write to a memory location not controlled by the attacker, potentially leading to loss of confidentiality, integrity, or availability.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "LOW",
                  baseScore: 5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "HIGH",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-1284",
                     description: "CWE-1284 Improper Validation of Specified Quantity in Input",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-02-11T23:34:02.874Z",
            orgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
            shortName: "AMD",
         },
         references: [
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6008.html",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
      assignerShortName: "AMD",
      cveId: "CVE-2023-20508",
      datePublished: "2025-02-11T23:34:02.874Z",
      dateReserved: "2022-10-27T18:53:39.735Z",
      dateUpdated: "2025-02-12T15:33:36.214Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2021-26367 (GCVE-0-2021-26367)

Vulnerability from cvelistv5

Published

2024-08-13 16:50

Modified

2024-12-04 16:25

Severity ?

5.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

Summary

A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability.

References

▼	URL	Tags
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html

Impacted products

Vendor

Product

Version

▼

AMD

AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics

	AMD	AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
	AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics
	AMD	AMD Radeon™ RX 6000 Series Graphics Cards
	AMD	AMD Radeon™ PRO W6000 Series Graphics Cards
	AMD	AMD Ryzen™ Embedded R1000 Series Processors
	AMD	AMD Ryzen™ Embedded R2000 Series Processors
	AMD	AMD Ryzen™ Embedded V1000 Series Processors
	AMD	AMD Ryzen™ Embedded V2000 Series Processors

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-26367",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-08-13T18:04:31.680686Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        description: "CWE-noinfo Not enough information",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-12-04T16:25:09.987Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2 PI 1.2.0.5",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4PI  1.0.0.9",
                  },
                  {
                     status: "unaffected",
                     version: "ComboAM4v2 PI 1.2.0.8",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2 PI 1.2.0.5",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Mobile  Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "PicassoPI-FP5  1.0.0.E",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Mobile  Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "PollockPI-FT5  1.0.0.4",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "PicassoPI-FP5  1.0.0.E",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RenoirPI-FP6  1.0.0.7",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CezannePI-FP6 1.0.0.6",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CezannePI-FP6 1.0.0.6",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CezannePI-FP6 1.0.0.6",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CezannePI-FP6 1.0.0.6",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CezannePI-FP6 1.0.0.6",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Radeon™ RX 6000 Series Graphics Cards",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software:  Adrenalin Edition 23.12.1 (23.30.13.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Radeon™ PRO W6000 Series Graphics Cards",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software:  PRO Edition 23.Q4 (23.30.13.03)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded R1000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI-FP5 1.2.0.A",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded R2000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedR2KPI-FP5 1.0.0.2",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V1000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI-FP5 1.2.0.A",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V2000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI-FP6 1.0.0.6",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability.",
                  },
               ],
               value: "A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 5.7,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-08-13T16:50:05.825Z",
            orgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
            shortName: "AMD",
         },
         references: [
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html",
            },
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
      assignerShortName: "AMD",
      cveId: "CVE-2021-26367",
      datePublished: "2024-08-13T16:50:05.825Z",
      dateReserved: "2021-01-29T21:24:26.151Z",
      dateUpdated: "2024-12-04T16:25:09.987Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerabilites related to AMD - AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics

CVE-2023-20579 (GCVE-0-2023-20579)

Vulnerability from cvelistv5

CVE-2021-26344 (GCVE-0-2021-26344)

Vulnerability from cvelistv5

CVE-2023-31331 (GCVE-0-2023-31331)

Vulnerability from cvelistv5

CVE-2024-0179 (GCVE-0-2024-0179)

Vulnerability from cvelistv5

CVE-2022-23817 (GCVE-0-2022-23817)

Vulnerability from cvelistv5

CVE-2024-21971 (GCVE-0-2024-21971)

Vulnerability from cvelistv5

CVE-2023-20518 (GCVE-0-2023-20518)

Vulnerability from cvelistv5

CVE-2023-20507 (GCVE-0-2023-20507)

Vulnerability from cvelistv5

CVE-2023-31342 (GCVE-0-2023-31342)

Vulnerability from cvelistv5

CVE-2023-20515 (GCVE-0-2023-20515)

Vulnerability from cvelistv5

CVE-2024-21925 (GCVE-0-2024-21925)

Vulnerability from cvelistv5

CVE-2021-26387 (GCVE-0-2021-26387)

Vulnerability from cvelistv5

CVE-2021-46746 (GCVE-0-2021-46746)

Vulnerability from cvelistv5

CVE-2023-31343 (GCVE-0-2023-31343)

Vulnerability from cvelistv5

CVE-2021-46772 (GCVE-0-2021-46772)

Vulnerability from cvelistv5

CVE-2023-31345 (GCVE-0-2023-31345)

Vulnerability from cvelistv5

CVE-2023-20508 (GCVE-0-2023-20508)

Vulnerability from cvelistv5

CVE-2021-26367 (GCVE-0-2021-26367)

Vulnerability from cvelistv5