All the vulnerabilites related to AMD - AMD Ryzen™ Embedded 7000 Series Processors
cve-2023-20518
Vulnerability from cvelistv5
Published
2024-08-13 16:52
Modified
2024-11-05 17:10
Summary
Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.
Impacted products
AMDAMD EPYC™ 9004 Series Processors
AMDAMD Ryzen™ 3000 Series Desktop Processors
AMDAMD Ryzen™ 5000 Series Desktop Processors
AMDAMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
AMDAMD Ryzen™ 7000 Series Desktop Processors
AMDAMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
AMDAMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
AMDAMD Ryzen™ Threadripper™ 3000 Series Processors
AMDAMD Ryzen™ Threadripper™ PRO 3000WX Series Processors
AMDAMD Ryzen™ Threadripper™ PRO 5000WX Processors
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMDAMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
AMDAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
AMDAMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
AMDAMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
AMDAMD Ryzen™ 7035 Series Processors with Radeon™ Graphics
AMDAMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
AMDAMD Ryzen™ 3000 Series Processors with Radeon™ Graphics
AMDAMD Ryzen™ Embedded R1000 Series Processors
AMDAMD Ryzen™ Embedded R2000 Series Processors
AMDAMD Ryzen™ Embedded 5000 Series Processors
AMDAMD Ryzen™ Embedded 7000 Series Processors
AMDAMD Ryzen™ Embedded V1000 Series Processors
AMDAMD Ryzen™ Embedded V2000 Series Processors
AMDAMD Ryzen™ Embedded V3000 Series Processors
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20518",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-15T14:20:09.090291Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-459",
                "description": "CWE-459 Incomplete Cleanup",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-05T17:10:30.170Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9004 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "GenoaPI 1.0.0.4",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4V1 1.0.0.A"
            },
            {
              "status": "unaffected",
              "version": "ComboAM4V2 1.2.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4V2 1.2.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4V2 1.2.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5 1.0.0.6"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4V2 1.2.0.A"
            },
            {
              "status": "unaffected",
              "version": "ComboAM4V1 1.0.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4V2 1.2.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CastlePeakPI-SP3r3  1.0.0.9"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8  1.0.0.6"
            },
            {
              "status": "unaffected",
              "version": "CastlePeakWSPI-sWRX8  1.0.0.B"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8 1.0.0.6"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PicassoPI-FP5  1.0.0.F"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PollockPI-FT5   1.0.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PicassoPI-FP5  1.0.0.F"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RenoirPI-FP6  1.0.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6  1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MendocinoPI-FT6 1.0.0.4"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP5  1.2.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedR2KPI-FP5 1.0.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbAM4PI 1.0.0.3"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 7000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedAM5PI  1.0.0.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP6 1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP7r2 1.0.0.5"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
            }
          ],
          "value": "Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T16:52:55.976Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
        },
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20518",
    "datePublished": "2024-08-13T16:52:55.976Z",
    "dateReserved": "2022-10-27T18:53:39.736Z",
    "dateUpdated": "2024-11-05T17:10:30.170Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-23817
Vulnerability from cvelistv5
Published
2024-08-13 16:51
Modified
2024-08-16 20:27
Summary
Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space, potentially leading to privilege escalation.
Impacted products
AMDAMD Ryzen™ 3000 Series Desktop Processors
AMDAMD Ryzen™ 5000 Series Desktop Processors
AMDAMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
AMDAMD Ryzen™ 7000 Series Desktop Processors
AMDAMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
AMDAMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
AMDAMD Ryzen™ Threadripper™ 3000 Series Processors
AMDAMD Ryzen™ Threadripper™ PRO 3000WX Series Processors
AMDAMD Ryzen™ Threadripper™ PRO 5000WX Processors
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMDAMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
AMDAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
AMDAMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
AMDAMD Ryzen™ 7035 Series Processors with Radeon™ Graphics
AMDAMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
AMDAMD Ryzen™ 3000 Series Processors with Radeon™ Graphics
AMDAMD Ryzen™ 7045 Series Mobile Processors
AMDAMD Ryzen™ Embedded R1000 Series Processors
AMDAMD Ryzen™ Embedded R2000 Series Processors
AMDAMD Ryzen™ Embedded 5000 Series Processors
AMDAMD Ryzen™ Embedded 7000 Series Processors
AMDAMD Ryzen™ Embedded V1000 Series Processors
AMDAMD Ryzen™ Embedded V2000 Series Processors
AMDAMD Ryzen™ Embedded V3000 Series Processors
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:amd:ryzen_9_3900_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_9_3900x_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_9_3900xt_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_9_3950x_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_3700x_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_3800x_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_3800xt_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_3500_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_3500x_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_3600_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_3600x_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_3600xt_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_3100_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_3300x_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "ryzen_3_3300x_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "comboam4v2_1.2.0.a",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:amd:ryzen_7_3700c_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_3700u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_3750h_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_3780u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_3450u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_3500c_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_3500u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_3550h_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_3580u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_3350u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_3300u_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "ryzen_3_3300u_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "picassopi-fp5_1.0.0.e",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:amd:ryzen_7_4700g_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_4700ge_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_3400g_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_4600ge_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_4600g_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_3200ge_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_4300ge_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_4300g_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "ryzen_3_pro_3200g_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "comboam4v2_pi_1.2.0.8",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:amd:ryzen_5_7500f_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "ryzen_5_7500f_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "comboam5_1.0.8.0",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:amd:ryzen_threadripper_3960x_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_threadripper_3970x_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_threadripper_3990x_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "ryzen_threadripper_pro_3995wx_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "castlepeakpi-sp3r3_1.0.0.8",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:amd:ryzen_threadripper_pro_3945wx_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_threadripper_pro_3955wx_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_threadripper_pro_3975wx_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_threadripper_pro_3995wx_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "ryzen_threadripper_pro_3995wx_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "castlepeakwspi-swrx8_1.0.0.a",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:amd:ryzen_threadripper_pro_5945wx_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_threadripper_pro_5955wx_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_threadripper_pro_5965wx_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_threadripper_pro_5975wx_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_threadripper_pro_5995wx_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "ryzen_threadripper_pro_5995wx_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "chagallwspi-swrx8_1.0.0.5",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:amd:ryzen_9_4900h_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_9_4900hs_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_4700u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_4800h_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_4800hs_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_4800u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_4980u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_4500u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_4600h_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_4600hs_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_4600u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_4680u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_4300u_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "ryzen_3_4300u_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "renoirpi-fp6_1.0.0.a",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:amd:ryzen_9_6900hs_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_9_6900hx_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_9_6980hs_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_9_6980hx_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_6800h_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_6800hs_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_6800u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_6600h_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_6600hs_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_6600u_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "ryzen_5_6600u_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "rembrandtpi-fp7_1.0.0.5",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:amd:ryzen_7_7735hs_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_7735u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_7736u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_7535hs_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_7535u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_7335u_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "ryzen_3_7335u_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "rembrandtpi-fp7_1.0.0.5",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:amd:ryzen_9_7945hx3d_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_9_7945hx_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_9_7845hx_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_7745hx_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "ryzen_7_7745hx_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "dragonrangefl1pi_1.0.0.3b",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:amd:ryzen_9_5900_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_9_5900x_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_9_5950x_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_5700_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_5700x_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_5800_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_5800x3d_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_5800x_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_5500_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_5600_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_5600x3d_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_5600x_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "ryzen_5_5600x_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "comboam4v2_pi_1.2.0.8",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:amd:ryzen_5_3400g_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_pro_3350ge_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_pro_3350g_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_pro_3400ge_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_pro_3400g_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_3200ge_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_3200g_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_pro_3200ge_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_pro_3200g_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_5700ge_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_5700g_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_5500gt_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_5600ge_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_5600g_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_5600gt_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5300ge_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_5300g_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "ryzen_3_5300g_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "cezannepi-fp6_1.0.0.c",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:amd:ryzen_9_5900hs_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_9_5900hx_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_9_5980hs_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_9_5980hx_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_5800h_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_5800hs_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_5800u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_5825u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_5500h_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_5560u_firmware:cezannepi-fp6_1.0.0.9:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_5600h_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_5600hs_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_5600u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_5625u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_5125c_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_5400u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_5425c_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "ryzen_3_5425c_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "cezannepi-fp6_1.0.0.c",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:amd:athlon_3000g_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:athlon_gold_3150ge_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:athlon_gold_pro_3150ge_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:athlon_gold_pro_3150g_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:athlon_pro_300ge_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "athlon_pro_300ge_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "picassopi-fp5_1.0.0.e",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-23817",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-13T17:51:43.434721Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-120",
                "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-16T20:27:19.545Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4V1  1.0.0.A/ComboAM4V2  1.2.0.9"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2 PI 1.2.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2 PI 1.2.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5  1.0.8.0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4PI  1.0.0.9"
            },
            {
              "status": "unaffected",
              "version": "ComboAM4v2 PI 1.2.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2 PI 1.2.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CastlePeakPI-SP3r3  1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8  1.0.0.5"
            },
            {
              "status": "unaffected",
              "version": "CastlePeakWSPI-sWRX8  1.0.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8  1.0.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PicassoPI-FP5  1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PollockPI-FT5  1.0.0.4"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PicassoPI-FP5  1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RenoirPI-FP6  1.0.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6  1.0.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7045 Series Mobile Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "DragonRangeFL1PI 1.0.0.3b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP5  1.2.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedR2KPI-FP5 1.0.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbAM4PI  1.0.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 7000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedAM5PI  1.0.0.0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP5 1.2.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP6 1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP7r2 1.0.0.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space, potentially leading to privilege escalation."
            }
          ],
          "value": "Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space, potentially leading to privilege escalation."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T16:51:45.468Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2022-23817",
    "datePublished": "2024-08-13T16:51:45.468Z",
    "dateReserved": "2022-01-21T17:14:12.302Z",
    "dateUpdated": "2024-08-16T20:27:19.545Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-46746
Vulnerability from cvelistv5
Published
2024-08-13 16:50
Modified
2024-10-31 13:57
Summary
Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing keys to c006Frrupt the return address, causing a stack-based buffer overrun, potentially leading to a denial of service.
Impacted products
AMDAMD EPYC™ 7001 Processors
AMDAMD EPYC™ 7002 Processors
AMDAMD EPYC™ 7003 Processors
AMDAMD EPYC™ 9004 Processors
AMDAMD Ryzen™ 3000 Series Desktop Processors
AMDAMD Ryzen™ 5000 Series Desktop Processors
AMDAMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
AMDAMD Ryzen™ 7000 Series Desktop Processors
AMDAMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
AMDAMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
AMDAMD Ryzen™ Threadripper™ 3000 Series Processors
AMDAMD Ryzen™ Threadripper™ PRO 3000WX Series Processors
AMDAMD Ryzen™ Threadripper™ PRO 5000WX Processors
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMDAMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
AMDAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
AMDAMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
AMDAMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
AMDAMD Ryzen™ 7035 Series Processors with Radeon™ Graphics
AMDAMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
AMDAMD Ryzen™ 3000 Series Processors with Radeon™ Graphics
AMDAMD Ryzen™ 7045 Series Mobile Processors
AMDAMD EPYC™ Embedded 3000 Series Processors
AMDAMD EPYC™ Embedded 7002 Series Processors
AMDAMD EPYC™ Embedded 7003 Series Processors
AMDAMD EPYC™ Embedded 9003 Series Processors
AMDAMD Ryzen™ Embedded R1000 Series Processors
AMDAMD Ryzen™ Embedded R2000 Series Processors
AMDAMD Ryzen™ Embedded 5000 Series Processors
AMDAMD Ryzen™ Embedded 7000 Series Processors
AMDAMD Ryzen™ Embedded V1000 Series Processors
AMDAMD Ryzen™ Embedded V2000 Series Processors
AMDAMD Ryzen™ Embedded V3000 Series Processors
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-46746",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T16:06:22.367564Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-120",
                "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-31T13:57:25.237Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7001 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7002 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7003 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9004 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4PI 1.0.0.9"
            },
            {
              "status": "unaffected",
              "version": "ComboAM4 V2 PI 1.2.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4V2 PI 1.2.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2 PI 1.2.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "ComboAM5 1.0.8.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4PI 1.0.0.9"
            },
            {
              "status": "unaffected",
              "version": "ComboAM4v2 PI 1.2.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2 PI 1.2.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CastlePeakPI-SP3r3  1.0.0.7"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8 1.0.0.2"
            },
            {
              "status": "unaffected",
              "version": "CastlePeakWSPI-sWRX8 1.0.0.9"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8 1.0.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PicassoPI-FP5  1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "PollockPI-FT5  1.0.0.4"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PicassoPI-FP5 1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RenoirPI-FP6 1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MendocinoPI-FT6 1.0.0.6"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7045 Series Mobile Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "DragonRangeFL1PI 1.0.0.3b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7002 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 9003 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP5  1.2.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedR2KPI-FP5 1.0.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbAM4PI  1.0.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 7000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedAM5PI  1.0.0.0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP5 1.2.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP6 1.0.0.6"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP7r2 1.0.0.2"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (\u003ca target=\"_blank\" rel=\"nofollow\"\u003eTEE\u003c/a\u003e) may allow a privileged attacker with access to AMD signing\nkeys to c006Frrupt the return address, causing a\nstack-based buffer overrun, \u003ca target=\"_blank\" rel=\"nofollow\"\u003epotentially\u003c/a\u003e\u0026nbsp;leading to a denial of service.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
            }
          ],
          "value": "Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing\nkeys to c006Frrupt the return address, causing a\nstack-based buffer overrun, potentially\u00a0leading to a denial of service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T16:50:51.023Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-46746",
    "datePublished": "2024-08-13T16:50:51.023Z",
    "dateReserved": "2022-03-31T16:50:27.864Z",
    "dateUpdated": "2024-10-31T13:57:25.237Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}