All the vulnerabilites related to AMD - AMD Ryzen™ Embedded V3000
cve-2023-31315
Vulnerability from cvelistv5
Published
2024-08-09 17:08
Modified
2024-09-12 12:56
Summary
Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.
Impacted products
AMD3rd Gen AMD EPYC™ Processors
AMD1st Gen AMD EPYC™ Processors
AMD2nd Gen AMD EPYC™ Processors
AMD4th Gen AMD EPYC™ Processors
AMDAMD EPYC™ Embedded 3000
AMDAMD EPYC™ Embedded 7002
AMDAMD EPYC™ Embedded 7003
AMDAMD EPYC™ Embedded 9003
AMDAMD Ryzen™ Embedded R1000
AMDAMD Ryzen™ Embedded R2000
AMDAMD Ryzen™ Embedded 5000
AMDAMD Ryzen™ Embedded 7000
AMDAMD Ryzen™ Embedded V1000
AMDAMD Ryzen™ Embedded V2000
AMDAMD Ryzen™ Embedded V3000
AMDAMD Ryzen™ 3000 Series Desktop Processors
AMDAMD Ryzen™ 5000 Series Desktop Processors
AMDAMD Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics
AMDAMD Ryzen™ 7000 Series Desktop Processors
AMDAMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
AMDAMD Ryzen™ Threadripper™ 3000 Series Processors
AMDAMD Ryzen™ Threadripper™ PRO Processors
AMDAMD Ryzen™ Threadripper™ PRO 3000WX Series Processors
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMDAMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
AMDAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
AMDAMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics
AMDAMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics
AMDAMD Ryzen™ 7045 Series Mobile Processors
AMDAMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
AMDAMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
AMDAMD Ryzen™ 7035 Series Processors with Radeon™ Graphics
AMDAMD Ryzen™ 8000 Series Processors with Radeon™ Graphics
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-09-12T12:56:32.250Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.darkreading.com/remote-workforce/amd-issues-updates-for-silicon-level-sinkclose-flaw"
          },
          {
            "url": "https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Enrique%20Nissim%20Krzysztof%20Okupski%20-%20AMD%20Sinkclose%20Universal%20Ring-2%20Privilege%20Escalation.pdf"
          },
          {
            "url": "https://news.ycombinator.com/item?id=41475975"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:amd:1st_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "1st_gen_amd_epyc_processors",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "naples.pi.1.0.0.m",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:3rd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "3rd_gen_amd_epyc_processors",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "milan.pi.1.0.0.d",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:2nd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "2nd_gen_amd_epyc_processors",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "rome.pi.1.0.0.j",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_3000_series_desktop_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_3000_series_desktop_processors",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:4th_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "4th_gen_amd_epyc_processors",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "genoa_pi_1.0.0.c",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "epyc_embedded_3000",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "epyc_embedded_7002",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "epyc_embedded_7003",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "epyc_embedded_9003",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "emgenoa.pi.1.0.0.7",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_embedded_r1000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_embedded_r1000",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_embedded_r2000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_embedded_r2000",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_embedded_7000",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_embedded_5000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_embedded_5000",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_embedded_v1000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_embedded_v1000",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_embedded_v3000",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_embedded_v2000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_embedded_v2000",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_7040_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_7040_series_mobile_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "phoenixpi-fp8-fp7.1.1.0.3",
                "status": "unaffected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_5000_series_desktop_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_5000_series_desktop_processors",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "comboam4v2pi.1.2.0.cb",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_5000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_5000_series_desktop_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "comboam4v2pi.1.2.0.cb",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_7000_desktop_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_7000_desktop_processors",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "comboam5pi.1.2.0.1",
                "status": "affected",
                "version": "0",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_4000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_4000_series_desktop_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "comboam4v2pi.1.2.0.cb",
                "status": "affected",
                "version": "0",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_threadripper_3000_series_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_threadripper_3000_series_processors",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "castlepeakpl-sp3r3.1.0.0.b",
                "status": "affected",
                "version": "0",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_threadripper_pro_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_threadripper_pro_processors",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "chagallwspi-swrx8.1.0.0.8",
                "status": "affected",
                "version": "various",
                "versionType": "python"
              },
              {
                "lessThan": "castlepeakwspi-swrx8.1.0.0.8",
                "status": "affected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_threadripper_pro_3000wx_series_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_threadripper_pro_3000wx_series_processors",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "chagallwspi-swrx8.1.0.0.8",
                "status": "affected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:athlon_3000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "athlon_3000_series_mobile_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "picasso-fp5.1.0.1.2",
                "status": "affected",
                "version": "various",
                "versionType": "python"
              },
              {
                "lessThan": "pollockpi-ft5.1.0.0.8",
                "status": "affected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_3000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_3000_series_desktop_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "picasso-fp5.1.0.1.2",
                "status": "affected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_4000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_4000_series_mobile_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "renoirpi-fp6.1.0.0.e",
                "status": "unaffected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_5000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_5000_series_mobile_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "cezannepi-fp6.1.0.1.1",
                "status": "unaffected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_7030_series-mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_7030_series-mobile_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "cezannepi-fp6",
                "status": "affected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_7045_series_mobile_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_7045_series_mobile_processors",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "dragonrangefl1.1.0.0.3e",
                "status": "unaffected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_6000_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_6000_processors_with_radeongraphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "remembrandtpi-fp7.1.0.0.b",
                "status": "unaffected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_7020_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_7020_processors_with_radeongraphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "mendocinopi-ft6.1.0.0.7",
                "status": "affected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_7035_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_7035_processors_with_radeongraphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "remembrandtpi-fp7.1.0.0.b",
                "status": "unaffected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_8000_series_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_8000_series_processors_with_radeongraphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "comboam5pi.1.2.0.1",
                "status": "unaffected",
                "version": "various",
                "versionType": "python"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "ADJACENT_NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 6.8,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-31315",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-09T17:29:59.373286Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-27T14:54:02.319Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "product": "3rd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "Milan PI 1.0.0.D",
              "status": "affected",
              "version": "various",
              "versionType": "Platform Initialization"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "1st Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "Naples PI 1.0.0.M",
              "status": "affected",
              "version": "various",
              "versionType": "Platform Initialization"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "2nd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "Rome PI 1.0.0.J",
              "status": "affected",
              "version": "various",
              "versionType": "Platform Initialization"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "4th Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "Genoa PI 1.0.0.C",
              "status": "unaffected",
              "version": "various",
              "versionType": "Platform Initialization"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7002",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7003",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 9003",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "EmbGenoaPI 1.0.0.7",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 5000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 7000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "ComboAM4v2PI 1.2.0.cb",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "ComboAM4v2PI 1.2.0.cb",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "ComboAM5PI 1.2.0.1",
              "status": "affected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "ComboAM4v2PI 1.2.0.cb",
              "status": "affected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "CastlePeakPI-SP3r3 1.0.0.B",
              "status": "affected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "ChagallWSPI-sWRX8 1.0.0.8",
              "status": "affected",
              "version": "various",
              "versionType": "PI"
            },
            {
              "lessThan": "CastlePeakWSPI-sWRX8 1.0.0.D",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "ChagallWSPI-sWRX8 1.0.0.8",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "Picasso-FP5 1.0.1.2",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            },
            {
              "lessThan": "PollockPI-FT5 1.0.0.8",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "Picasso-FP5 1.0.1.2",
              "status": "affected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "RenoirPI-FP6 1.0.0.E",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "CezannePI-FP6 1.0.1.1",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "CezannePI-FP6",
              "status": "affected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "PhoenixPI-FP8-FP7 1.1.0.3",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7045 Series Mobile Processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "DragonRangeFL1 1.0.0.3e",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "RembrandtPI-FP7 1.0.0.B",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "MendocinoPI-FT6 1.0.0.7",
              "status": "affected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "RembrandtPI-FP7 1.0.0.B",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 8000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "ComboAM5PI 1.2.0.1",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        }
      ],
      "datePublic": "2024-08-09T12:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.\u003c/span\u003e"
            }
          ],
          "value": "Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T15:37:24.501Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-31315",
    "datePublished": "2024-08-09T17:08:24.237Z",
    "dateReserved": "2023-04-27T15:25:41.423Z",
    "dateUpdated": "2024-09-12T12:56:32.250Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-20565
Vulnerability from cvelistv5
Published
2023-11-14 18:54
Modified
2024-08-02 09:05
Severity ?
Summary
Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:45.856Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7000 Series Desktop Processors \u201cRaphael\u201d XD3",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics \"Rembrandt\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics \u201cRembrandt-R\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics  \u201cBarcelo\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": " Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics \u201cPhoenix\u201d FP7/FP7r2/FP8",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-11-14T17:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.\n\n\n\n\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.\n\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-13T19:27:26.573Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4002, AMD-SB-5001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20565",
    "datePublished": "2023-11-14T18:54:51.738Z",
    "dateReserved": "2022-10-27T18:53:39.752Z",
    "dateUpdated": "2024-08-02T09:05:45.856Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-20579
Vulnerability from cvelistv5
Published
2024-02-13 19:32
Modified
2024-08-02 09:05
Severity ?
Summary
Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20579",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-14T15:53:23.792810Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:20:09.206Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:36.910Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processor ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "Various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7045 Series Mobile Processors ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7035 Series Mobile Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "datePublic": "2024-02-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper\nAccess Control in the AMD SPI protection feature may allow a user with Ring0\n(kernel mode) privileged access to bypass protections potentially resulting in\nloss of integrity and availability.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "Improper\nAccess Control in the AMD SPI protection feature may allow a user with Ring0\n(kernel mode) privileged access to bypass protections potentially resulting in\nloss of integrity and availability.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-13T19:32:11.904Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009"
        }
      ],
      "source": {
        "advisory": "AMD-SB-7009",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20579",
    "datePublished": "2024-02-13T19:32:11.904Z",
    "dateReserved": "2022-10-27T18:53:39.757Z",
    "dateUpdated": "2024-08-02T09:05:36.910Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}