Vulnerabilites related to AMD - AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”
cve-2023-20571
Vulnerability from cvelistv5
Published
2023-11-14 18:55
Modified
2024-08-02 09:05
Severity ?
EPSS score ?
Summary
A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne” |
Version: various |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:05:45.850Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 7000 Series Desktop Processors “Raphael” XD3", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics \"Rembrandt\"", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: " Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics “Phoenix” FP7/FP7r2/FP8", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, ], datePublic: "2023-11-14T17:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation.\n\n\n\n\n\n\n\n<br>", }, ], value: "A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation.\n\n\n\n\n\n\n\n\n", }, ], providerMetadata: { dateUpdated: "2023-11-14T18:55:02.307Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, ], source: { advisory: "AMD-SB-4002", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2023-20571", datePublished: "2023-11-14T18:55:02.307Z", dateReserved: "2022-10-27T18:53:39.755Z", dateUpdated: "2024-08-02T09:05:45.850Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23821
Vulnerability from cvelistv5
Published
2023-11-14 18:54
Modified
2024-12-03 14:26
Severity ?
EPSS score ?
Summary
Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 | vendor-advisory | |
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001 | vendor-advisory |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:51:46.017Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-23821", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2023-12-05T20:28:42.236096Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-03T14:26:05.643Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 3000 Series Desktop Processors “Matisse”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Desktop Processors “Vermeer”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ Threadripper™ 2000 Series Processors “Colfax”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” FP5", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics “Picasso” FP5", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics \"Rembrandt\"", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", product: "AMD Ryzen™ Embedded R1000", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", product: "AMD Ryzen™ Embedded R2000", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", product: "AMD Ryzen™ Embedded 5000", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", product: "AMD Ryzen™ Embedded V1000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD Ryzen™ Embedded V2000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD Ryzen™ Embedded V3000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, ], datePublic: "2023-11-14T17:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n<br>", }, ], value: "Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n", }, ], providerMetadata: { dateUpdated: "2024-02-13T19:26:03.900Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], source: { advisory: "AMD-SB-4002, AMD-SB-5001", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2022-23821", datePublished: "2023-11-14T18:54:32.952Z", dateReserved: "2022-01-21T17:20:55.779Z", dateUpdated: "2024-12-03T14:26:05.643Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20596
Vulnerability from cvelistv5
Published
2023-11-14 18:55
Modified
2024-08-02 09:05
Severity ?
EPSS score ?
Summary
Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7011 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Formerly codenamed “Cezanne” AM4 |
Version: various |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:05:36.288Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7011", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Formerly codenamed “Cezanne” AM4", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 7000 Series Desktop Processors with Radeon™ Graphics Formerly codenamed “Raphael”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 7000 Series Desktop Processors with Radeon™ Graphics Formerly codenamed “Raphael” X3D", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics \"Rembrandt\"", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics Formerly codenamed “Phoenix”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, ], datePublic: "2023-11-14T17:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n<br>", }, ], value: "Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n", }, ], providerMetadata: { dateUpdated: "2023-11-14T18:55:14.665Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7011", }, ], source: { advisory: "AMD-SB-7011", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2023-20596", datePublished: "2023-11-14T18:55:14.665Z", dateReserved: "2022-10-27T18:53:39.763Z", dateUpdated: "2024-08-02T09:05:36.288Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20565
Vulnerability from cvelistv5
Published
2023-11-14 18:54
Modified
2024-08-02 09:05
Severity ?
EPSS score ?
Summary
Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 | vendor-advisory | |
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne” |
Version: various |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:05:45.856Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 7000 Series Desktop Processors “Raphael” XD3", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics \"Rembrandt\"", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: " Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics “Phoenix” FP7/FP7r2/FP8", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", product: "AMD Ryzen™ Embedded V3000", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, ], datePublic: "2023-11-14T17:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.\n\n\n\n\n\n\n\n<br>", }, ], value: "Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.\n\n\n\n\n\n\n\n\n", }, ], providerMetadata: { dateUpdated: "2024-02-13T19:27:26.573Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], source: { advisory: "AMD-SB-4002, AMD-SB-5001", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2023-20565", datePublished: "2023-11-14T18:54:51.738Z", dateReserved: "2022-10-27T18:53:39.752Z", dateUpdated: "2024-08-02T09:05:45.856Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23820
Vulnerability from cvelistv5
Published
2023-11-14 18:52
Modified
2024-08-03 03:51
Severity ?
EPSS score ?
Summary
Failure to validate the AMD SMM communication buffer
may allow an attacker to corrupt the SMRAM potentially leading to arbitrary
code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 | vendor-advisory | |
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 | vendor-advisory | |
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | Ryzen™ 3000 series Desktop Processors “Matisse" |
Version: various |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:51:46.067Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 3000 series Desktop Processors “Matisse\"", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 5000 Series Desktop Processors “Vermeer”", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ Threadripper™ 2000 Series Processors “Colfax”", vendor: "AMD", versions: [ { status: "affected", version: "Various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics “Picasso” FP5", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics \"Rembrandt\"", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "3rd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 7003", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 7003", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, ], datePublic: "2023-11-14T17:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Failure to validate the AMD SMM communication buffer\nmay allow an attacker to corrupt the SMRAM potentially leading to arbitrary\ncode execution.\n\n\n\n\n\n\n\n<br>", }, ], value: "Failure to validate the AMD SMM communication buffer\nmay allow an attacker to corrupt the SMRAM potentially leading to arbitrary\ncode execution.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-18T18:28:41.324Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", }, { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], source: { advisory: "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2022-23820", datePublished: "2023-11-14T18:52:21.457Z", dateReserved: "2022-01-21T17:20:55.778Z", dateUpdated: "2024-08-03T03:51:46.067Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-46758
Vulnerability from cvelistv5
Published
2023-11-14 18:54
Modified
2024-08-04 05:17
Severity ?
EPSS score ?
Summary
Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne” |
Version: various |
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T05:17:42.665Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 7000 Series Desktop Processors “Raphael” XD3", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics \"Rembrandt\"", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, ], datePublic: "2023-11-14T17:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity.\n\n\n\n\n\n\n\n<br>", }, ], value: "Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity.\n\n\n\n\n\n\n\n\n", }, ], providerMetadata: { dateUpdated: "2023-11-14T18:54:25.467Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, ], source: { advisory: "AMD-SB-4002", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2021-46758", datePublished: "2023-11-14T18:54:25.467Z", dateReserved: "2022-03-31T16:50:27.869Z", dateUpdated: "2024-08-04T05:17:42.665Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20563
Vulnerability from cvelistv5
Published
2023-11-14 18:54
Modified
2024-10-22 13:44
Severity ?
EPSS score ?
Summary
Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 | vendor-advisory | |
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne” |
Version: various |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:05:45.851Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:amd:ryzen_5000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_5000_series_desktop_processors_with_radeon_graphics", vendor: "amd", versions: [ { status: "affected", version: "ComboAM4V2 1.2.0.B *(2023-08-25)", }, ], }, { cpes: [ "cpe:2.3:h:amd:ryzen_7000_series_desktop_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_7000_series_desktop_processors", vendor: "amd", versions: [ { status: "affected", version: "ComboAM5 1.0.7.0 (2023-04-18)", }, ], }, { cpes: [ "cpe:2.3:h:amd:ryzen_5000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_5000_series_mobile_processors_with_radeon_graphics", vendor: "amd", versions: [ { status: "affected", version: "CezannePI-FP6 1.0.0.F (2023-06-20)", }, ], }, { cpes: [ "cpe:2.3:h:amd:ryzen_6000_series_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_6000_series_processors_with_radeon_graphics", vendor: "amd", versions: [ { status: "affected", version: "RembrandtPI-FP7 1.0.0.9 (2023-05-16)", }, ], }, { cpes: [ "cpe:2.3:h:amd:ryzen_7035_series_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_7035_series_processors_with_radeon_graphics", vendor: "amd", versions: [ { status: "affected", version: "RembrandtPI-FP7 1.0.0.9 (2023-05-16)", }, ], }, { cpes: [ "cpe:2.3:h:amd:ryzen_5000_series_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_5000_series_processors_with_radeon_graphics", vendor: "amd", versions: [ { status: "affected", version: "CezannePI-FP6 1.0.0.F (2023-06-20)", }, ], }, { cpes: [ "cpe:2.3:h:amd:ryzen_7030_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_7030_series_mobile_processors_with_radeon_graphics", vendor: "amd", versions: [ { status: "affected", version: "CezannePI-FP6 1.0.0.F (2023-06-20)", }, ], }, { cpes: [ "cpe:2.3:h:amd:ryzen_7040_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_7040_series_mobile_processors_with_radeon_graphics", vendor: "amd", versions: [ { status: "affected", version: "PhoenixPI-FP8-FP7 PI 1.0.0.1g (2023-05-11)", }, ], }, { cpes: [ "cpe:2.3:h:amd:ryzen_embedded_r1000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_embedded_r1000", vendor: "amd", versions: [ { status: "affected", version: "EmbeddedPI-FP5 1.2.0.A (2023-07-31)", }, ], }, { cpes: [ "cpe:2.3:h:amd:ryzen_embedded_r2000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_embedded_r2000", vendor: "amd", versions: [ { status: "affected", version: "EmbeddedPI-FP5 1.0.0.2 (2023-07-31)", }, ], }, { cpes: [ "cpe:2.3:h:amd:ryzen_embedded_5000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_embedded_5000", vendor: "amd", versions: [ { status: "affected", version: "EmbAM4PI 1.0.0.3 (2023-07-31)", }, ], }, { cpes: [ "cpe:2.3:h:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_embedded_v3000", vendor: "amd", versions: [ { status: "affected", version: "EmbeddedPI-FP7r2 1.0.0.6 (2023-09-15)", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20563", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T17:15:29.685693Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-22T13:44:05.548Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 7000 Series Desktop Processors “Raphael” XD3", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics \"Rembrandt\"", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics “Phoenix” FP7/FP7r2/FP8", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", product: "AMD Ryzen™ Embedded R1000", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", product: "AMD Ryzen™ Embedded R2000", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", product: "AMD Ryzen™ Embedded 5000", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", product: "AMD Ryzen™ Embedded V3000", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, ], datePublic: "2023-11-14T17:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.\n\n\n\n\n\n\n\n<br>", }, ], value: "Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.\n\n\n\n\n\n\n\n\n", }, ], providerMetadata: { dateUpdated: "2024-02-13T19:27:18.318Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], source: { advisory: "AMD-SB-4002, AMD-SB-5001", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2023-20563", datePublished: "2023-11-14T18:54:41.308Z", dateReserved: "2022-10-27T18:53:39.747Z", dateUpdated: "2024-10-22T13:44:05.548Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }