Vulnerability-Lookup - Search a vulnerability

Vulnerabilites related to AMD - AMD Ryzen™ Embedded R2000

cve-2021-26392

Vulnerability from cvelistv5

Published

2022-11-09 20:44

Modified

2024-09-16 20:51

Severity ?

Summary

Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.

References

▼	URL	Tags
	https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029
	https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001

Impacted products

Vendor

Product

Version

▼

AMD

AMD Radeon RX 5000 Series & PRO W5000 Series

Version: AMD Radeon Software   < 22.5.2
Version: AMD Radeon Pro Software Enterprise   < 22.Q2
Version: Enterprise Driver   < 22.10.20

AMD	AMD Radeon RX 6000 Series & PRO W6000 Series	Version: AMD Radeon Software < 22.5.2 Version: AMD Radeon Pro Software Enterprise < 22.Q2 Version: Enterprise Driver < 22.10.20
AMD	AMD Ryzen™ Embedded R1000	Version: various
AMD	AMD Ryzen™ Embedded R2000	Version: various
AMD	AMD Ryzen™ Embedded 5000	Version: various
AMD	AMD Ryzen™ Embedded V1000	Version: various
AMD	AMD Ryzen™ Embedded V2000	Version: various
AMD	AMD Ryzen™Embedded V3000	Version: various

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T20:26:25.366Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "AMD Radeon RX 5000 Series & PRO W5000 Series",
               vendor: "AMD",
               versions: [
                  {
                     lessThan: "22.5.2",
                     status: "affected",
                     version: "AMD Radeon Software",
                     versionType: "custom",
                  },
                  {
                     lessThan: "22.Q2",
                     status: "affected",
                     version: "AMD Radeon Pro Software Enterprise",
                     versionType: "custom",
                  },
                  {
                     lessThan: "22.10.20",
                     status: "affected",
                     version: "Enterprise Driver",
                     versionType: "custom",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "AMD Radeon RX 6000 Series & PRO W6000 Series",
               vendor: "AMD",
               versions: [
                  {
                     lessThan: "22.5.2",
                     status: "affected",
                     version: "AMD Radeon Software",
                     versionType: "custom",
                  },
                  {
                     lessThan: "22.Q2",
                     status: "affected",
                     version: "AMD Radeon Pro Software Enterprise",
                     versionType: "custom",
                  },
                  {
                     lessThan: "22.10.20",
                     status: "affected",
                     version: "Enterprise Driver",
                     versionType: "custom",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "AMD Ryzen™ Embedded R1000",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "AMD Ryzen™ Embedded R2000",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "AMD Ryzen™ Embedded 5000",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "AMD Ryzen™ Embedded V1000",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "AMD Ryzen™ Embedded V2000",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "AMD Ryzen™Embedded V3000",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
         ],
         datePublic: "2022-11-08T05:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<p>Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.</p>",
                  },
               ],
               value: "Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.",
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-02-13T19:22:08.137Z",
            orgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
            shortName: "AMD",
         },
         references: [
            {
               url: "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029",
            },
            {
               url: "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001",
            },
         ],
         source: {
            advisory: "AMD-SB-1029, AMD-SB-5001",
            discovery: "EXTERNAL",
         },
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
      assignerShortName: "AMD",
      cveId: "CVE-2021-26392",
      datePublished: "2022-11-09T20:44:26.258839Z",
      dateReserved: "2021-01-29T00:00:00",
      dateUpdated: "2024-09-16T20:51:46.791Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-46754

Vulnerability from cvelistv5

Published

2023-05-09 19:00

Modified

2024-08-04 05:17

Severity ?

Summary

Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit) resulting in a potential loss of confidentiality and integrity.

References

▼	URL	Tags
	https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001	vendor-advisory
	https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001

Impacted products

Vendor

Product

Version

▼

AMD

Ryzen™ 2000 series Desktop Processors “Raven Ridge” AM4

Version: various

AMD	Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics “Cezanne” AM4	Version: various
AMD	Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULP	Version: various
AMD	Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”	Version: various
AMD	Ryzen™ 2000 Series Mobile Processors “Raven Ridge” FP5	Version: various
AMD	Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso”	Version: various
AMD	Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir”	Version: various
AMD	Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”	Version: various
AMD	Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics “Cezanne”	Version: various
AMD	AMD Ryzen™ Embedded R1000	Version: various
AMD	AMD Ryzen™ Embedded R2000	Version: various
AMD	AMD Ryzen™ Embedded V1000	Version: various
AMD	AMD Ryzen™ Embedded V2000	Version: various

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T05:17:42.313Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               packageName: "AGESA",
               platforms: [
                  "x86",
               ],
               product: "Ryzen™ 2000 series Desktop Processors “Raven Ridge” AM4",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various ",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               packageName: "AGESA",
               platforms: [
                  "x86",
               ],
               product: "Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics  “Cezanne” AM4",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various ",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               packageName: "AGESA",
               platforms: [
                  "x86",
               ],
               product: "Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULP",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various ",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               packageName: "AGESA",
               platforms: [
                  "x86",
               ],
               product: "Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics   “Pollock”",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various ",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               packageName: "AGESA",
               platforms: [
                  "x86",
               ],
               product: "Ryzen™ 2000 Series Mobile Processors “Raven Ridge” FP5",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various ",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               packageName: "AGESA",
               platforms: [
                  "x86",
               ],
               product: "Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso”",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various ",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               packageName: "AGESA",
               platforms: [
                  "x86",
               ],
               product: "Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir” ",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various ",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               packageName: "AGESA",
               platforms: [
                  "x86",
               ],
               product: "Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various ",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               packageName: "AGESA",
               platforms: [
                  "x86",
               ],
               product: "Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics “Cezanne”",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various ",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "AMD Ryzen™ Embedded R1000",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "AMD Ryzen™ Embedded R2000",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "AMD Ryzen™ Embedded V1000",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "AMD Ryzen™ Embedded V2000",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
         ],
         datePublic: "2023-05-09T16:30:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Insufficient input validation in the ASP (AMD\nSecure Processor) bootloader may allow an attacker with a compromised Uapp or\nABL to coerce the bootloader into exposing sensitive information to the SMU\n(System Management Unit) resulting in a potential loss of confidentiality and\nintegrity.\n\n\n\n\n\n\n\n<br>",
                  },
               ],
               value: "Insufficient input validation in the ASP (AMD\nSecure Processor) bootloader may allow an attacker with a compromised Uapp or\nABL to coerce the bootloader into exposing sensitive information to the SMU\n(System Management Unit) resulting in a potential loss of confidentiality and\nintegrity.\n\n\n\n\n\n\n\n\n",
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-02-13T19:23:29.446Z",
            orgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
            shortName: "AMD",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001",
            },
            {
               url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001",
            },
         ],
         source: {
            advisory: "AMD-SB-4001, AMD-SB-5001",
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
      assignerShortName: "AMD",
      cveId: "CVE-2021-46754",
      datePublished: "2023-05-09T19:00:16.712Z",
      dateReserved: "2022-03-31T16:50:27.868Z",
      dateUpdated: "2024-08-04T05:17:42.313Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-26393

Vulnerability from cvelistv5

Published

2022-11-09 20:44

Modified

2024-09-16 21:58

Severity ?

Summary

Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.

References

▼	URL	Tags
	https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029
	https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001

Impacted products

Vendor

Product

Version

▼

AMD

AMD Radeon RX 5000 Series & PRO W5000 Series

Version: AMD Radeon Software   < 22.5.2
Version: AMD Radeon Pro Software Enterprise   < 22.Q2
Version: Enterprise Driver   < 22.10.20

AMD	AMD Radeon RX 6000 Series & PRO W6000 Series	Version: AMD Radeon Software < 22.5.2 Version: AMD Radeon Pro Software Enterprise < 22.Q2 Version: Enterprise Driver < 22.10.20
AMD	AMD Ryzen™ Embedded R1000	Version: various
AMD	AMD Ryzen™ Embedded R2000	Version: various
AMD	AMD Ryzen™ Embedded V1000	Version: various
AMD	AMD Ryzen™ Embedded V2000	Version: various

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T20:26:25.406Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "AMD Radeon RX 5000 Series & PRO W5000 Series",
               vendor: "AMD",
               versions: [
                  {
                     lessThan: "22.5.2",
                     status: "affected",
                     version: "AMD Radeon Software",
                     versionType: "custom",
                  },
                  {
                     lessThan: "22.Q2",
                     status: "affected",
                     version: "AMD Radeon Pro Software Enterprise",
                     versionType: "custom",
                  },
                  {
                     lessThan: "22.10.20",
                     status: "affected",
                     version: "Enterprise Driver",
                     versionType: "custom",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "AMD Radeon RX 6000 Series & PRO W6000 Series",
               vendor: "AMD",
               versions: [
                  {
                     lessThan: "22.5.2",
                     status: "affected",
                     version: "AMD Radeon Software",
                     versionType: "custom",
                  },
                  {
                     lessThan: "22.Q2",
                     status: "affected",
                     version: "AMD Radeon Pro Software Enterprise",
                     versionType: "custom",
                  },
                  {
                     lessThan: "22.10.20",
                     status: "affected",
                     version: "Enterprise Driver",
                     versionType: "custom",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "AMD Ryzen™ Embedded R1000",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "AMD Ryzen™ Embedded R2000",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "AMD Ryzen™ Embedded V1000",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "AMD Ryzen™ Embedded V2000",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
         ],
         datePublic: "2022-11-08T05:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<p>Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.</p>",
                  },
               ],
               value: "Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.",
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-02-13T19:22:50.269Z",
            orgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
            shortName: "AMD",
         },
         references: [
            {
               url: "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029",
            },
            {
               url: "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001",
            },
         ],
         source: {
            advisory: "AMD-SB-1029, AMD-SB-5001",
            discovery: "EXTERNAL",
         },
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
      assignerShortName: "AMD",
      cveId: "CVE-2021-26393",
      datePublished: "2022-11-09T20:44:25.517806Z",
      dateReserved: "2021-01-29T00:00:00",
      dateUpdated: "2024-09-16T21:58:26.137Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-31342

Vulnerability from cvelistv5

Published

2025-02-11 22:24

Modified

2025-02-12 15:35

Severity ?

7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Summary

Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.

References

▼	URL	Tags
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html

Impacted products

Vendor

Product

Version

▼

AMD

AMD EPYC™ 7003 Processors

	AMD	AMD EPYC™ 9004 Processors
	AMD	AMD Instinct™ MI300A
	AMD	AMD Ryzen™ 3000 Series Desktop Processors
	AMD	AMD Ryzen™ 5000 Series Desktop Processors
	AMD	AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 7000 Series Desktop Processors
	AMD	AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors
	AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics
	AMD	AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 7000 Series Mobile Processors
	AMD	AMD EPYC™ Embedded 7003
	AMD	AMD EPYC™ Embedded 9004
	AMD	AMD Ryzen™ Embedded R1000
	AMD	AMD Ryzen™ Embedded R2000
	AMD	AMD Ryzen™ Embedded 5000
	AMD	AMD Ryzen™ Embedded 7000
	AMD	AMD Ryzen™ Embedded V2000
	AMD	AMD Ryzen™ Embedded V3000

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-31342",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-12T15:35:29.149040Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-12T15:35:57.126Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ 7003 Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "MilanPI 1.0.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ 9004 Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "GenoaPI 1.0.0.B",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Instinct™ MI300A",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "MI300API 1.0.0.5",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM5 1.1.0.2",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM5 1.1.0.2",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ChagallWSPI-sWRX8 1.0.0.7",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "Pollock-FT5 1.0.0.7",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "Picasso-FP5 1.0.1.1",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RenoirPI-FP6 1.0.0.D",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "Cezanne-FP6 1.0.1.0",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "MendocinoPI-FT6 1.0.0.6",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "Rembrandt-FP7 1.0.0.A",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "Rembrandt-FP7 1.0.0.A",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "PhoenixPI-FP8-FP7 1.1.0.2",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7000 Series Mobile Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "DragonRangeFL1PI 1.0.0.3C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ Embedded 7003",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbMilanPI-SP3  1.0.0.8",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ Embedded 9004",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbGenoaPI-SP5 1.0.0.6",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded R1000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI-FP5 1.2.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded R2000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedR2KPI-FP5 1.0.0.3",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded 5000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbAM4PI 1.0.0.5",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded 7000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedAM5PI 1.0.0.1",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V2000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI-FP6 1.0.0.9",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V3000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "Embedded-PI FP7r2 1.0.0.9",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.",
                  },
               ],
               value: "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20 Improper Input Validation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-02-11T22:24:02.153Z",
            orgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
            shortName: "AMD",
         },
         references: [
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html",
            },
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html",
            },
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
      assignerShortName: "AMD",
      cveId: "CVE-2023-31342",
      datePublished: "2025-02-11T22:24:02.153Z",
      dateReserved: "2023-04-27T15:25:41.425Z",
      dateUpdated: "2025-02-12T15:35:57.126Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-20515

Vulnerability from cvelistv5

Published

2025-02-11 21:16

Modified

2025-02-12 15:35

Severity ?

5.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

Summary

Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integrity, confidentiality, or availability.

References

▼	URL	Tags
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html

Impacted products

Vendor

Product

Version

▼

AMD

AMD Ryzen™ 3000 Series Desktop Processors

AMD	AMD Ryzen™ 5000 Series Desktop Processors
AMD	AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 7000 Series Desktop Processors
AMD	AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics
AMD	AMD Ryzen™ Threadripper™ 3000 Series Processors
AMD	AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors
AMD	AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors
AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 7000 Series Mobile Processors
AMD	AMD Ryzen™ Embedded R1000
AMD	AMD Ryzen™ Embedded R2000
AMD	AMD Ryzen™ Embedded 5000
AMD	AMD Ryzen™ Embedded 7000
AMD	AMD Ryzen™ Embedded V2000
AMD	AMD Ryzen™ Embedded V1000	Version: No Fix Planned
AMD	AMD Ryzen™ Embedded V3000

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-20515",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-12T14:03:56.637259Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-12T15:35:01.957Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.CA",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.CA",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.CA",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM5 1.0.8.0",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.CA",
                  },
                  {
                     status: "unaffected",
                     version: "ComboAM4PI 1.0.0.B",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.CA",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM5 1.0.8.0",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ 3000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CastlePeakPI-SP3r3 1.0.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "CastlePeakWSPI-sWRX8  1.0.0.E",
                  },
                  {
                     status: "unaffected",
                     version: "ChagallWSPI-sWRX8 1.0.0.9",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ChagallWSPI-sWRX8 1.0.0.7",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "Pollock-FT5 1.0.0.7",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "Picasso-FP5 1.0.1.1",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RenoirPI-FP6 1.0.0.D",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "Cezanne-FP6 1.0.1.0",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "MendocinoPI-FT6 1.0.0.6",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RembrandtPI-FP7 1.0.0.9b",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "RembrandtPI-FP7 1.0.0.9b",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "PhoenixPI-FP8-FP7 1.0.8.0",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7000 Series Mobile Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "DragonRangeFL1PI 1.0.0.3b",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded R1000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI-FP5 1.2.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded R2000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedR2KPI-FP5 1.0.0.3",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded 5000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbAM4PI 1.0.0.5",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded 7000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedAM5PI 1.0.0.0",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V2000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedPI-FP6 1.0.0.9",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V1000",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "No Fix Planned",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V3000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "Embedded-PIFP7r2 1.0.0.8",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integrity, confidentiality, or availability.",
                  },
               ],
               value: "Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integrity, confidentiality, or availability.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "LOW",
                  baseScore: 5.7,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "HIGH",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-1284",
                     description: "CWE-1284 Improper Validation of Specified Quantity in Input",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-02-11T21:16:29.016Z",
            orgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
            shortName: "AMD",
         },
         references: [
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html",
            },
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
      assignerShortName: "AMD",
      cveId: "CVE-2023-20515",
      datePublished: "2025-02-11T21:16:29.016Z",
      dateReserved: "2022-10-27T18:53:39.736Z",
      dateUpdated: "2025-02-12T15:35:01.957Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-21971

Vulnerability from cvelistv5

Published

2025-02-12 00:01

Modified

2025-02-12 15:32

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

Improper input validation in AMD Crash Defender could allow an attacker to provide the Windows® system process ID to a kernel-mode driver, resulting in an operating system crash, potentially leading to denial of service.

References

▼	URL	Tags
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6008.html

Impacted products

Vendor

Product

Version

▼

AMD

AMD Ryzen™ 5000 Series Desktop Processors

AMD	AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 7000 Series Desktop Processors
AMD	AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics	Version: AMD Software: PRO Edition 24.Q2 (23.19.16.01)
AMD	AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics
AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 7030 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 7045 Series Mobile Processors
AMD	AMD Radeon™ RX 5000 Series Graphics Products
AMD	AMD Radeon™ PRO W5000 Series Graphics Products
AMD	AMD Radeon™ RX 7000 Series Graphics Products
AMD	AMD Radeon™ PRO W7000 Series Graphics Products
AMD	AMD Radeon™ VII
AMD	AMD Radeon™ PRO VII
AMD	AMD Radeon™ Instinct™ MI25
AMD	AMD Radeon™ PRO V520
AMD	AMD Radeon™ PRO V620
AMD	AMD Radeon™ PRO V710
AMD	AMD Ryzen™ Embedded R1000
AMD	AMD Ryzen™ Embedded R2000
AMD	AMD Ryzen™ Embedded 7000
AMD	AMD Ryzen™ Embedded V1000
AMD	AMD Ryzen™ Embedded V2000
AMD	AMD Ryzen™ Embedded V3000

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-21971",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-12T15:32:03.493834Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-12T15:32:39.200Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (24.10.20)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "affected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7030 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7045 Series Mobile Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Radeon™ RX 5000 Series Graphics Products",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Radeon™ PRO W5000 Series Graphics Products",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Radeon™ RX 7000 Series Graphics Products",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Radeon™ PRO W7000 Series Graphics Products",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Radeon™ VII",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (23.19.16)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Radeon™ PRO VII",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "AMD Software: Adrenalin Edition 24.7.1 (23.19.16)",
                  },
                  {
                     status: "unaffected",
                     version: "AMD Software: PRO Edition 24.Q2 (23.19.16.01)",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Radeon™ Instinct™ MI25",
               vendor: "AMD",
               versions: [
                  {
                     status: "unknown",
                     version: "Contact your AMD Customer  Engineering representative",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Radeon™ PRO V520",
               vendor: "AMD",
               versions: [
                  {
                     status: "unknown",
                     version: "Contact your AMD Customer  Engineering representative",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Radeon™ PRO V620",
               vendor: "AMD",
               versions: [
                  {
                     status: "unknown",
                     version: "Contact your AMD Customer  Engineering representative",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "AMD Radeon™ PRO V710",
               vendor: "AMD",
               versions: [
                  {
                     status: "unknown",
                     version: "Contact your AMD Customer  Engineering representative",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded R1000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "24.10.21.01",
                  },
                  {
                     status: "unaffected",
                     version: "23.19.16",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded R2000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "24.10.21.01",
                  },
                  {
                     status: "unaffected",
                     version: "23.19.16",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded 7000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "24.10.21.01",
                  },
                  {
                     status: "unaffected",
                     version: "23.19.16",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V1000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "24.10.21.01",
                  },
                  {
                     status: "unaffected",
                     version: "23.19.16",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V2000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "24.10.21.01",
                  },
                  {
                     status: "unaffected",
                     version: "23.19.16",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V3000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "24.10.21.01",
                  },
                  {
                     status: "unaffected",
                     version: "23.19.16",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Improper input validation in AMD Crash Defender could allow an attacker to provide the Windows® system process ID to a kernel-mode driver, resulting in an operating system crash, potentially leading to denial of service.",
                  },
               ],
               value: "Improper input validation in AMD Crash Defender could allow an attacker to provide the Windows® system process ID to a kernel-mode driver, resulting in an operating system crash, potentially leading to denial of service.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20 Improper Input Validation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-02-12T00:05:50.860Z",
            orgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
            shortName: "AMD",
         },
         references: [
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6008.html",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
      assignerShortName: "AMD",
      cveId: "CVE-2024-21971",
      datePublished: "2025-02-12T00:01:00.419Z",
      dateReserved: "2024-01-03T16:43:28.699Z",
      dateUpdated: "2025-02-12T15:32:39.200Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-31315

Vulnerability from cvelistv5

Published

2024-08-09 17:08

Modified

2024-09-12 12:56

Severity ?

7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Summary

Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.

References

▼	URL	Tags
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html	vendor-advisory

Impacted products

Vendor

Product

Version

▼

AMD

3rd Gen AMD EPYC™ Processors

Version: various

AMD	1st Gen AMD EPYC™ Processors	Version: various
AMD	2nd Gen AMD EPYC™ Processors	Version: various
AMD	4th Gen AMD EPYC™ Processors
AMD	AMD EPYC™ Embedded 3000	Version: various
AMD	AMD EPYC™ Embedded 7002	Version: various
AMD	AMD EPYC™ Embedded 7003	Version: various
AMD	AMD EPYC™ Embedded 9003
AMD	AMD Ryzen™ Embedded R1000	Version: various
AMD	AMD Ryzen™ Embedded R2000	Version: various
AMD	AMD Ryzen™ Embedded 5000	Version: various
AMD	AMD Ryzen™ Embedded 7000	Version: various
AMD	AMD Ryzen™ Embedded V1000	Version: various
AMD	AMD Ryzen™ Embedded V2000	Version: various
AMD	AMD Ryzen™ Embedded V3000	Version: various
AMD	AMD Ryzen™ 3000 Series Desktop Processors	Version: various
AMD	AMD Ryzen™ 5000 Series Desktop Processors
AMD	AMD Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics
AMD	AMD Ryzen™ 7000 Series Desktop Processors	Version: various
AMD	AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics	Version: various
AMD	AMD Ryzen™ Threadripper™ 3000 Series Processors	Version: various
AMD	AMD Ryzen™ Threadripper™ PRO Processors	Version: various
AMD	AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors
AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics	Version: various
AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics	Version: various
AMD	AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 7045 Series Mobile Processors
AMD	AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics	Version: various
AMD	AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 8000 Series Processors with Radeon™ Graphics

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-09-12T12:56:32.250Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  url: "https://www.darkreading.com/remote-workforce/amd-issues-updates-for-silicon-level-sinkclose-flaw",
               },
               {
                  url: "https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Enrique%20Nissim%20Krzysztof%20Okupski%20-%20AMD%20Sinkclose%20Universal%20Ring-2%20Privilege%20Escalation.pdf",
               },
               {
                  url: "https://news.ycombinator.com/item?id=41475975",
               },
            ],
            title: "CVE Program Container",
            x_generator: {
               engine: "ADPogram 0.0.1",
            },
         },
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:h:amd:1st_gen_amd_epyc_processors:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "1st_gen_amd_epyc_processors",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "naples.pi.1.0.0.m",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:h:amd:3rd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "3rd_gen_amd_epyc_processors",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "milan.pi.1.0.0.d",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:h:amd:2nd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "2nd_gen_amd_epyc_processors",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "rome.pi.1.0.0.j",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:amd:ryzen_3000_series_desktop_processors:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "ryzen_3000_series_desktop_processors",
                  vendor: "amd",
                  versions: [
                     {
                        status: "affected",
                        version: "various",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:h:amd:4th_gen_amd_epyc_processors:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "4th_gen_amd_epyc_processors",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "genoa_pi_1.0.0.c",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "epyc_embedded_3000",
                  vendor: "amd",
                  versions: [
                     {
                        status: "affected",
                        version: "various",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "epyc_embedded_7002",
                  vendor: "amd",
                  versions: [
                     {
                        status: "affected",
                        version: "various",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "epyc_embedded_7003",
                  vendor: "amd",
                  versions: [
                     {
                        status: "affected",
                        version: "various",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "epyc_embedded_9003",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "emgenoa.pi.1.0.0.7",
                        status: "unaffected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        status: "affected",
                        version: "various",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:amd:ryzen_embedded_r1000:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "ryzen_embedded_r1000",
                  vendor: "amd",
                  versions: [
                     {
                        status: "affected",
                        version: "various",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:amd:ryzen_embedded_r2000:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "ryzen_embedded_r2000",
                  vendor: "amd",
                  versions: [
                     {
                        status: "affected",
                        version: "various",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "ryzen_embedded_7000",
                  vendor: "amd",
                  versions: [
                     {
                        status: "affected",
                        version: "various",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:amd:ryzen_embedded_5000:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "ryzen_embedded_5000",
                  vendor: "amd",
                  versions: [
                     {
                        status: "affected",
                        version: "various",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:amd:ryzen_embedded_v1000:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "ryzen_embedded_v1000",
                  vendor: "amd",
                  versions: [
                     {
                        status: "affected",
                        version: "various",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "ryzen_embedded_v3000",
                  vendor: "amd",
                  versions: [
                     {
                        status: "affected",
                        version: "various",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:amd:ryzen_embedded_v2000:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "ryzen_embedded_v2000",
                  vendor: "amd",
                  versions: [
                     {
                        status: "affected",
                        version: "various",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:amd:ryzen_7040_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "ryzen_7040_series_mobile_processors_with_radeon_graphics",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "phoenixpi-fp8-fp7.1.1.0.3",
                        status: "unaffected",
                        version: "various",
                        versionType: "python",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:amd:ryzen_5000_series_desktop_processors:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "ryzen_5000_series_desktop_processors",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "comboam4v2pi.1.2.0.cb",
                        status: "unaffected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        status: "affected",
                        version: "various",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:amd:ryzen_5000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "ryzen_5000_series_desktop_processors_with_radeon_graphics",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "comboam4v2pi.1.2.0.cb",
                        status: "unaffected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        status: "affected",
                        version: "various",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:amd:ryzen_7000_desktop_processors:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "ryzen_7000_desktop_processors",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "comboam5pi.1.2.0.1",
                        status: "affected",
                        version: "0",
                        versionType: "python",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:amd:ryzen_4000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "ryzen_4000_series_desktop_processors_with_radeon_graphics",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "comboam4v2pi.1.2.0.cb",
                        status: "affected",
                        version: "0",
                        versionType: "python",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:amd:ryzen_threadripper_3000_series_processors:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "ryzen_threadripper_3000_series_processors",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "castlepeakpl-sp3r3.1.0.0.b",
                        status: "affected",
                        version: "0",
                        versionType: "python",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:amd:ryzen_threadripper_pro_processors:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "ryzen_threadripper_pro_processors",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "chagallwspi-swrx8.1.0.0.8",
                        status: "affected",
                        version: "various",
                        versionType: "python",
                     },
                     {
                        lessThan: "castlepeakwspi-swrx8.1.0.0.8",
                        status: "affected",
                        version: "various",
                        versionType: "python",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:amd:ryzen_threadripper_pro_3000wx_series_processors:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "ryzen_threadripper_pro_3000wx_series_processors",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "chagallwspi-swrx8.1.0.0.8",
                        status: "affected",
                        version: "various",
                        versionType: "python",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:amd:athlon_3000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "athlon_3000_series_mobile_processors_with_radeon_graphics",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "picasso-fp5.1.0.1.2",
                        status: "affected",
                        version: "various",
                        versionType: "python",
                     },
                     {
                        lessThan: "pollockpi-ft5.1.0.0.8",
                        status: "affected",
                        version: "various",
                        versionType: "python",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:amd:ryzen_3000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "ryzen_3000_series_desktop_processors_with_radeon_graphics",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "picasso-fp5.1.0.1.2",
                        status: "affected",
                        version: "various",
                        versionType: "python",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:amd:ryzen_4000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "ryzen_4000_series_mobile_processors_with_radeon_graphics",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "renoirpi-fp6.1.0.0.e",
                        status: "unaffected",
                        version: "various",
                        versionType: "python",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:amd:ryzen_5000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "ryzen_5000_series_mobile_processors_with_radeon_graphics",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "cezannepi-fp6.1.0.1.1",
                        status: "unaffected",
                        version: "various",
                        versionType: "python",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:amd:ryzen_7030_series-mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "ryzen_7030_series-mobile_processors_with_radeon_graphics",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "cezannepi-fp6",
                        status: "affected",
                        version: "various",
                        versionType: "python",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:amd:ryzen_7045_series_mobile_processors:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "ryzen_7045_series_mobile_processors",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "dragonrangefl1.1.0.0.3e",
                        status: "unaffected",
                        version: "various",
                        versionType: "python",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:amd:ryzen_6000_processors_with_radeongraphics:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "ryzen_6000_processors_with_radeongraphics",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "remembrandtpi-fp7.1.0.0.b",
                        status: "unaffected",
                        version: "various",
                        versionType: "python",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:amd:ryzen_7020_processors_with_radeongraphics:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "ryzen_7020_processors_with_radeongraphics",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "mendocinopi-ft6.1.0.0.7",
                        status: "affected",
                        version: "various",
                        versionType: "python",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:amd:ryzen_7035_processors_with_radeongraphics:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "ryzen_7035_processors_with_radeongraphics",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "remembrandtpi-fp7.1.0.0.b",
                        status: "unaffected",
                        version: "various",
                        versionType: "python",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:amd:ryzen_8000_series_processors_with_radeongraphics:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "ryzen_8000_series_processors_with_radeongraphics",
                  vendor: "amd",
                  versions: [
                     {
                        lessThan: "comboam5pi.1.2.0.1",
                        status: "unaffected",
                        version: "various",
                        versionType: "python",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "ADJACENT_NETWORK",
                     availabilityImpact: "LOW",
                     baseScore: 6.8,
                     baseSeverity: "MEDIUM",
                     confidentialityImpact: "LOW",
                     integrityImpact: "HIGH",
                     privilegesRequired: "LOW",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2023-31315",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-08-09T17:29:59.373286Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-94",
                        description: "CWE-94 Improper Control of Generation of Code ('Code Injection')",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-08-27T14:54:02.319Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               packageName: "PI",
               product: "3rd Gen AMD EPYC™ Processors",
               vendor: "AMD",
               versions: [
                  {
                     lessThan: "Milan PI 1.0.0.D",
                     status: "affected",
                     version: "various",
                     versionType: "Platform Initialization",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "1st Gen AMD EPYC™ Processors",
               vendor: "AMD",
               versions: [
                  {
                     lessThan: "Naples PI 1.0.0.M",
                     status: "affected",
                     version: "various",
                     versionType: "Platform Initialization",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "2nd Gen AMD EPYC™ Processors",
               vendor: "AMD",
               versions: [
                  {
                     lessThan: "Rome PI 1.0.0.J",
                     status: "affected",
                     version: "various",
                     versionType: "Platform Initialization",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "4th Gen AMD EPYC™ Processors",
               vendor: "AMD",
               versions: [
                  {
                     lessThan: "Genoa PI 1.0.0.C",
                     status: "unaffected",
                     version: "various",
                     versionType: "Platform Initialization",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ Embedded 3000",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ Embedded 7002",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ Embedded 7003",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ Embedded 9003",
               vendor: "AMD",
               versions: [
                  {
                     lessThan: "EmbGenoaPI 1.0.0.7",
                     status: "unaffected",
                     version: "various",
                     versionType: "PI",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded R1000",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded R2000",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded 5000",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded 7000",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V1000",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V2000",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V3000",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     lessThan: "ComboAM4v2PI 1.2.0.cb",
                     status: "unaffected",
                     version: "various",
                     versionType: "PI",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     lessThan: "ComboAM4v2PI 1.2.0.cb",
                     status: "unaffected",
                     version: "various",
                     versionType: "PI",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     lessThan: "ComboAM5PI 1.2.0.1",
                     status: "affected",
                     version: "various",
                     versionType: "PI",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     lessThan: "ComboAM4v2PI 1.2.0.cb",
                     status: "affected",
                     version: "various",
                     versionType: "PI",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ 3000 Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     lessThan: "CastlePeakPI-SP3r3 1.0.0.B",
                     status: "affected",
                     version: "various",
                     versionType: "PI",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ PRO Processors",
               vendor: "AMD",
               versions: [
                  {
                     lessThan: "ChagallWSPI-sWRX8 1.0.0.8",
                     status: "affected",
                     version: "various",
                     versionType: "PI",
                  },
                  {
                     lessThan: "CastlePeakWSPI-sWRX8 1.0.0.D",
                     status: "unaffected",
                     version: "various",
                     versionType: "PI",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors",
               vendor: "AMD",
               versions: [
                  {
                     lessThan: "ChagallWSPI-sWRX8 1.0.0.8",
                     status: "unaffected",
                     version: "various",
                     versionType: "PI",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     lessThan: "Picasso-FP5 1.0.1.2",
                     status: "unaffected",
                     version: "various",
                     versionType: "PI",
                  },
                  {
                     lessThan: "PollockPI-FT5 1.0.0.8",
                     status: "unaffected",
                     version: "various",
                     versionType: "PI",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     lessThan: "Picasso-FP5 1.0.1.2",
                     status: "affected",
                     version: "various",
                     versionType: "PI",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     lessThan: "RenoirPI-FP6 1.0.0.E",
                     status: "unaffected",
                     version: "various",
                     versionType: "PI",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     lessThan: "CezannePI-FP6 1.0.1.1",
                     status: "unaffected",
                     version: "various",
                     versionType: "PI",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     lessThan: "CezannePI-FP6",
                     status: "affected",
                     version: "various",
                     versionType: "PI",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     lessThan: "PhoenixPI-FP8-FP7 1.1.0.3",
                     status: "unaffected",
                     version: "various",
                     versionType: "PI",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7045 Series Mobile Processors",
               vendor: "AMD",
               versions: [
                  {
                     lessThan: "DragonRangeFL1 1.0.0.3e",
                     status: "unaffected",
                     version: "various",
                     versionType: "PI",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     lessThan: "RembrandtPI-FP7 1.0.0.B",
                     status: "unaffected",
                     version: "various",
                     versionType: "PI",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     lessThan: "MendocinoPI-FT6 1.0.0.7",
                     status: "affected",
                     version: "various",
                     versionType: "PI",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     lessThan: "RembrandtPI-FP7 1.0.0.B",
                     status: "unaffected",
                     version: "various",
                     versionType: "PI",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 8000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     lessThan: "ComboAM5PI 1.2.0.1",
                     status: "unaffected",
                     version: "various",
                     versionType: "PI",
                  },
               ],
            },
         ],
         datePublic: "2024-08-09T12:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\">Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.</span>",
                  },
               ],
               value: "Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-08-13T15:37:24.501Z",
            orgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
            shortName: "AMD",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html",
            },
         ],
         source: {
            advisory: "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
      assignerShortName: "AMD",
      cveId: "CVE-2023-31315",
      datePublished: "2024-08-09T17:08:24.237Z",
      dateReserved: "2023-04-27T15:25:41.423Z",
      dateUpdated: "2024-09-12T12:56:32.250Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-20521

Vulnerability from cvelistv5

Published

2023-11-14 18:52

Modified

2024-08-02 09:05

Severity ?

3.3 (Low) - CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L

Summary

TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.

References

▼	URL	Tags
	https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002	vendor-advisory
	https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002	vendor-advisory
	https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001	vendor-advisory

Impacted products

Vendor

Product

Version

▼

AMD

Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4

Version: various

AMD	Ryzen™ Threadripper™ 2000 Series Processors “Colfax”	Version: various
AMD	Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” FP5	Version: various
AMD	Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”	Version: various
AMD	Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics “Picasso” FP5	Version: various
AMD	1st Gen AMD EPYC™ Processors	Version: various
AMD	2nd Gen AMD EPYC™ Processors	Version: various
AMD	3rd Gen AMD EPYC™ Processors	Version: various
AMD	AMD EPYC™ Embedded 3000	Version: various
AMD	AMD EPYC™ Embedded 7002	Version: various
AMD	AMD EPYC™ Embedded 7003	Version: various
AMD	AMD Ryzen™ Embedded R1000	Version: various
AMD	AMD Ryzen™ Embedded R2000	Version: various
AMD	AMD Ryzen™ Embedded V1000	Version: various

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-20521",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2023-11-27T19:38:18.334372Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-07-26T14:56:31.535Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T09:05:36.873Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002",
               },
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002",
               },
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               packageName: "PI",
               platforms: [
                  "x86",
               ],
               product: "Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               packageName: "PI",
               platforms: [
                  "x86",
               ],
               product: "Ryzen™ Threadripper™ 2000 Series Processors “Colfax”",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               packageName: "PI",
               platforms: [
                  "x86",
               ],
               product: "Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” FP5",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               packageName: "PI",
               platforms: [
                  "x86",
               ],
               product: "Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics   “Pollock”",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               packageName: "PI",
               platforms: [
                  "x86",
               ],
               product: "Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics “Picasso” FP5",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               packageName: "PI",
               platforms: [
                  "x86",
               ],
               product: "1st Gen AMD EPYC™ Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               packageName: "PI",
               platforms: [
                  "x86",
               ],
               product: "2nd Gen AMD EPYC™ Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               packageName: "PI",
               platforms: [
                  "x86",
               ],
               product: "3rd Gen AMD EPYC™ Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "AMD EPYC™ Embedded 3000",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "AMD EPYC™ Embedded 7002",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "AMD EPYC™ Embedded 7003",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "AMD Ryzen™ Embedded R1000",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "AMD Ryzen™ Embedded R2000",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "AMD Ryzen™ Embedded V1000",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "various",
                  },
               ],
            },
         ],
         datePublic: "2023-11-14T17:30:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.\n\n\n\n\n\n\n\n\n\n\n\n<br>",
                  },
               ],
               value: "TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "PHYSICAL",
                  availabilityImpact: "LOW",
                  baseScore: 3.3,
                  baseSeverity: "LOW",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-06-18T18:42:56.250Z",
            orgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
            shortName: "AMD",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002",
            },
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002",
            },
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001",
            },
         ],
         source: {
            advisory: "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
      assignerShortName: "AMD",
      cveId: "CVE-2023-20521",
      datePublished: "2023-11-14T18:52:31.662Z",
      dateReserved: "2022-10-27T18:53:39.737Z",
      dateUpdated: "2024-08-02T09:05:36.873Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-31343

Vulnerability from cvelistv5

Published

2025-02-11 22:35

Modified

2025-02-12 15:35

Severity ?

7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Summary

Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.

References

▼	URL	Tags
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html
	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html

Impacted products

Vendor

Product

Version

▼

AMD

AMD EPYC™ 7003 Processors

AMD	AMD EPYC™ 9004 Processors
AMD	AMD Instinct™ MI300A
AMD	AMD Ryzen™ 3000 Series Desktop Processors
AMD	AMD Ryzen™ 5000 Series Desktop Processors
AMD	AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 7000 Series Desktop Processors
AMD	AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics
AMD	AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors
AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics
AMD	AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics
AMD	AMD Ryzen™ 7000 Series Mobile Processors
AMD	AMD EPYC™ Embedded 7003
AMD	AMD EPYC™ Embedded 9004
AMD	AMD Ryzen™ Embedded R1000
AMD	AMD Ryzen™ Embedded R2000	Version: "EmbeddedR2KPI-FP5 1.0.0.3"
AMD	AMD Ryzen™ Embedded 5000
AMD	AMD Ryzen™ Embedded 7000
AMD	AMD Ryzen™ Embedded V2000
AMD	AMD Ryzen™ Embedded V3000

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-31343",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-12T15:34:57.941103Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-12T15:35:05.712Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ 7003 Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "MilanPI 1.0.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ 9004 Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "GenoaPI 1.0.0.B",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Instinct™ MI300A",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "MI300API 1.0.0.5",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7000 Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM5 1.1.0.2",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM4v2PI 1.2.0.C",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ComboAM5 1.1.0.2",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "ChagallWSPI-sWRX8 1.0.0.7",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"Pollock-FT5 1.0.0.7\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"Picasso-FP5 1.0.1.1\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"RenoirPI-FP6 1.0.0.D\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"Cezanne-FP6 1.0.1.0\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"MendocinoPI-FT6 1.0.0.6\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"Rembrandt-FP7 1.0.0.A\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"Rembrandt-FP7 1.0.0.A\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"PhoenixPI-FP8-FP7 1.1.0.2\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ 7000 Series Mobile Processors",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"DragonRangeFL1PI 1.0.0.3C\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD EPYC™ Embedded 7003",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"EmbMilanPI-SP3  1.0.0.8\"",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "AMD EPYC™ Embedded 9004",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbGenoaPI-SP5 1.0.0.6",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "AMD Ryzen™ Embedded R1000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"EmbeddedPI-FP5 1.2.0.C\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded R2000",
               vendor: "AMD",
               versions: [
                  {
                     status: "affected",
                     version: "\"EmbeddedR2KPI-FP5 1.0.0.3\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded 5000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"EmbAM4PI 1.0.0.5\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded 7000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "EmbeddedAM5PI 1.0.0.1",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V2000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"EmbeddedPI-FP6 1.0.0.9\"",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "AMD Ryzen™ Embedded V3000",
               vendor: "AMD",
               versions: [
                  {
                     status: "unaffected",
                     version: "\"Embedded-PI FP7r2 1.0.0.9\"",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.<br>",
                  },
               ],
               value: "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20 Improper Input Validation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-02-11T22:35:04.110Z",
            orgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
            shortName: "AMD",
         },
         references: [
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html",
            },
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html",
            },
            {
               url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648",
      assignerShortName: "AMD",
      cveId: "CVE-2023-31343",
      datePublished: "2025-02-11T22:35:04.110Z",
      dateReserved: "2023-04-27T15:25:41.426Z",
      dateUpdated: "2025-02-12T15:35:05.712Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}