All the vulnerabilites related to AMD - EPYC™ Processors
cve-2021-26378
Vulnerability from cvelistv5
Published
2022-05-11 16:23
Modified
2024-09-16 20:22
Severity ?
EPSS score ?
Summary
Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC | |
| https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| AMD | EPYC™ Processors | |
| AMD | Ryzen™ Series | |
| AMD | Athlon™ Series |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:24.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"product": "Ryzen\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"product": "Athlon\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "tbd",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T16:23:26",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"source": {
"advisory": "AMD-SB-1027 and AMD-SB-1028",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
"ID": "CVE-2021-26378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EPYC\u2122 Processors",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
},
{
"product_name": "Ryzen\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
},
{
"product_name": "Athlon\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "tbd"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
]
},
"source": {
"advisory": "AMD-SB-1027 and AMD-SB-1028",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26378",
"datePublished": "2022-05-11T16:23:26.758045Z",
"dateReserved": "2021-01-29T00:00:00",
"dateUpdated": "2024-09-16T20:22:35.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-26350
Vulnerability from cvelistv5
Published
2022-05-11 16:16
Modified
2024-09-16 21:07
Severity ?
EPSS score ?
Summary
A TOCTOU race condition in SMU may allow for the caller to obtain and manipulate the address of a message port register which may result in a potential denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| AMD | EPYC™ Processors |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:24.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A TOCTOU race condition in SMU may allow for the caller to obtain and manipulate the address of a message port register which may result in a potential denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "tbd",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T16:16:40",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"source": {
"advisory": "AMD-SB-1028",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
"ID": "CVE-2021-26350",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EPYC\u2122 Processors",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A TOCTOU race condition in SMU may allow for the caller to obtain and manipulate the address of a message port register which may result in a potential denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "tbd"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
]
},
"source": {
"advisory": "AMD-SB-1028",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26350",
"datePublished": "2022-05-11T16:16:40.882207Z",
"dateReserved": "2021-01-29T00:00:00",
"dateUpdated": "2024-09-16T21:07:55.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-26373
Vulnerability from cvelistv5
Published
2022-05-11 16:27
Modified
2024-09-16 16:32
Severity ?
EPSS score ?
Summary
Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC | |
| https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| AMD | EPYC™ Processors | |
| AMD | Ryzen™ Series | |
| AMD | Athlon™ Series |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:24.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"product": "Ryzen\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"product": "Athlon\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "tbd",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T16:27:13",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"source": {
"advisory": "AMD-SB-1027 and AMD-SB-1028",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
"ID": "CVE-2021-26373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EPYC\u2122 Processors",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
},
{
"product_name": "Ryzen\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
},
{
"product_name": "Athlon\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "tbd"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
]
},
"source": {
"advisory": "AMD-SB-1027 and AMD-SB-1028",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26373",
"datePublished": "2022-05-11T16:27:13.373606Z",
"dateReserved": "2021-01-29T00:00:00",
"dateUpdated": "2024-09-16T16:32:39.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-26349
Vulnerability from cvelistv5
Published
2022-05-11 16:24
Modified
2024-09-17 01:05
Severity ?
EPSS score ?
Summary
Failure to assign a new report ID to an imported guest may potentially result in an SEV-SNP guest VM being tricked into trusting a dishonest Migration Agent (MA).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| AMD | EPYC™ Processors |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Failure to assign a new report ID to an imported guest may potentially result in an SEV-SNP guest VM being tricked into trusting a dishonest Migration Agent (MA)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "tbd",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T16:24:22",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"source": {
"advisory": "AMD-SB-1028",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
"ID": "CVE-2021-26349",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EPYC\u2122 Processors",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Failure to assign a new report ID to an imported guest may potentially result in an SEV-SNP guest VM being tricked into trusting a dishonest Migration Agent (MA)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "tbd"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
]
},
"source": {
"advisory": "AMD-SB-1028",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26349",
"datePublished": "2022-05-11T16:24:22.957466Z",
"dateReserved": "2021-01-29T00:00:00",
"dateUpdated": "2024-09-17T01:05:40.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-26364
Vulnerability from cvelistv5
Published
2022-05-11 16:25
Modified
2024-09-16 20:42
Severity ?
EPSS score ?
Summary
Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| AMD | EPYC™ Processors |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "tbd",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T16:25:26",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"source": {
"advisory": "AMD-SB-1028",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
"ID": "CVE-2021-26364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EPYC\u2122 Processors",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "tbd"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
]
},
"source": {
"advisory": "AMD-SB-1028",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26364",
"datePublished": "2022-05-11T16:25:26.746976Z",
"dateReserved": "2021-01-29T00:00:00",
"dateUpdated": "2024-09-16T20:42:13.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-26342
Vulnerability from cvelistv5
Published
2022-05-11 16:21
Modified
2024-09-16 16:32
Severity ?
EPSS score ?
Summary
In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations that includes creation of a new virtual machine control block (VMCB). The failure to flush the TLB may cause the microcode to use stale TLB translations which may allow for disclosure of SEV guest memory contents. Users of SEV-ES/SEV-SNP guest VMs are not impacted by this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| AMD | EPYC™ Processors |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:24.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations that includes creation of a new virtual machine control block (VMCB). The failure to flush the TLB may cause the microcode to use stale TLB translations which may allow for disclosure of SEV guest memory contents. Users of SEV-ES/SEV-SNP guest VMs are not impacted by this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "tbd",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T16:21:04",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"source": {
"advisory": "AMD-SB-1028",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
"ID": "CVE-2021-26342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EPYC\u2122 Processors",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations that includes creation of a new virtual machine control block (VMCB). The failure to flush the TLB may cause the microcode to use stale TLB translations which may allow for disclosure of SEV guest memory contents. Users of SEV-ES/SEV-SNP guest VMs are not impacted by this vulnerability."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "tbd"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
]
},
"source": {
"advisory": "AMD-SB-1028",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26342",
"datePublished": "2022-05-11T16:21:04.403325Z",
"dateReserved": "2021-01-29T00:00:00",
"dateUpdated": "2024-09-16T16:32:42.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-26339
Vulnerability from cvelistv5
Published
2022-05-11 16:18
Modified
2024-09-17 01:56
Severity ?
EPSS score ?
Summary
A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by compilers.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC | |
| https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| AMD | EPYC™ Processors | |
| AMD | Ryzen™ Series | |
| AMD | Athlon™ Series |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:23.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"product": "Ryzen\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"product": "Athlon\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A bug in AMD CPU\u2019s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by compilers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "tbd",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T16:18:02",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"source": {
"advisory": "AMD-SB-1027 and AMD-SB-1028",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
"ID": "CVE-2021-26339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EPYC\u2122 Processors",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
},
{
"product_name": "Ryzen\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
},
{
"product_name": "Athlon\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A bug in AMD CPU\u2019s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by compilers."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "tbd"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
]
},
"source": {
"advisory": "AMD-SB-1027 and AMD-SB-1028",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26339",
"datePublished": "2022-05-11T16:18:02.079030Z",
"dateReserved": "2021-01-29T00:00:00",
"dateUpdated": "2024-09-17T01:56:55.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-26312
Vulnerability from cvelistv5
Published
2021-11-16 17:55
Modified
2024-09-16 17:54
Severity ?
EPSS score ?
Summary
Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC | |
| https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| AMD | EPYC™ Processors | |
| AMD | Ryzen™ Series | |
| AMD | Athlon™ Series |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.142Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"product": "Ryzen\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"product": "Athlon\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-665",
"description": "CWE-665 Improper Initialization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T16:30:46",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"source": {
"advisory": "AMD-SB-1027 and AMD-SB-1028",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
"ID": "CVE-2021-26312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EPYC\u2122 Processors",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
},
{
"product_name": "Ryzen\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
},
{
"product_name": "Athlon\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-665 Improper Initialization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
]
},
"source": {
"advisory": "AMD-SB-1027 and AMD-SB-1028",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26312",
"datePublished": "2021-11-16T17:55:24.198997Z",
"dateReserved": "2021-01-29T00:00:00",
"dateUpdated": "2024-09-16T17:54:14.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-26376
Vulnerability from cvelistv5
Published
2022-05-11 16:28
Modified
2024-09-16 17:58
Severity ?
EPSS score ?
Summary
Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC | |
| https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| AMD | EPYC™ Processors | |
| AMD | Ryzen™ Series | |
| AMD | Athlon™ Series |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"product": "Ryzen\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"product": "Athlon\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "tbd",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T16:28:09",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"source": {
"advisory": "AMD-SB-1027 and AMD-SB-1028",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
"ID": "CVE-2021-26376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EPYC\u2122 Processors",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
},
{
"product_name": "Ryzen\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
},
{
"product_name": "Athlon\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "tbd"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
]
},
"source": {
"advisory": "AMD-SB-1027 and AMD-SB-1028",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26376",
"datePublished": "2022-05-11T16:28:09.769017Z",
"dateReserved": "2021-01-29T00:00:00",
"dateUpdated": "2024-09-16T17:58:27.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-26348
Vulnerability from cvelistv5
Published
2022-05-11 16:26
Modified
2024-09-16 16:27
Severity ?
EPSS score ?
Summary
Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| AMD | EPYC™ Processors |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:24.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "tbd",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T16:26:16",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"source": {
"advisory": "AMD-SB-1028",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
"ID": "CVE-2021-26348",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EPYC\u2122 Processors",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "tbd"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
]
},
"source": {
"advisory": "AMD-SB-1028",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26348",
"datePublished": "2022-05-11T16:26:16.451702Z",
"dateReserved": "2021-01-29T00:00:00",
"dateUpdated": "2024-09-16T16:27:57.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-26375
Vulnerability from cvelistv5
Published
2022-05-11 16:20
Modified
2024-09-17 03:43
Severity ?
EPSS score ?
Summary
Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC | |
| https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| AMD | EPYC™ Processors | |
| AMD | Ryzen™ Series | |
| AMD | Athlon™ Series |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"product": "Ryzen\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"product": "Athlon\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "tbd",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T16:20:03",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"source": {
"advisory": "AMD-SB-1027 and AMD-SB-1028",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
"ID": "CVE-2021-26375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EPYC\u2122 Processors",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
},
{
"product_name": "Ryzen\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
},
{
"product_name": "Athlon\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "tbd"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
]
},
"source": {
"advisory": "AMD-SB-1027 and AMD-SB-1028",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26375",
"datePublished": "2022-05-11T16:20:03.207552Z",
"dateReserved": "2021-01-29T00:00:00",
"dateUpdated": "2024-09-17T03:43:15.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-26372
Vulnerability from cvelistv5
Published
2022-05-11 16:18
Modified
2024-09-16 19:15
Severity ?
EPSS score ?
Summary
Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC | |
| https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| AMD | EPYC™ Processors | |
| AMD | Ryzen™ Series | |
| AMD | Athlon™ Series |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"product": "Ryzen\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"product": "Athlon\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "tbd",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T16:18:58",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"source": {
"advisory": "AMD-SB-1027 and AMD-SB-1028",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
"ID": "CVE-2021-26372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EPYC\u2122 Processors",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
},
{
"product_name": "Ryzen\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
},
{
"product_name": "Athlon\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "tbd"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
]
},
"source": {
"advisory": "AMD-SB-1027 and AMD-SB-1028",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26372",
"datePublished": "2022-05-11T16:18:58.798210Z",
"dateReserved": "2021-01-29T00:00:00",
"dateUpdated": "2024-09-16T19:15:19.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-26388
Vulnerability from cvelistv5
Published
2022-05-11 16:29
Modified
2024-09-16 23:01
Severity ?
EPSS score ?
Summary
Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC | |
| https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| AMD | EPYC™ Processors | |
| AMD | Ryzen™ Series | |
| AMD | Athlon™ Series |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"product": "Ryzen\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"product": "Athlon\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "tbd",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T16:29:06",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"source": {
"advisory": "AMD-SB-1027 and AMD-SB-1028",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
"ID": "CVE-2021-26388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EPYC\u2122 Processors",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
},
{
"product_name": "Ryzen\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
},
{
"product_name": "Athlon\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "tbd"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
]
},
"source": {
"advisory": "AMD-SB-1027 and AMD-SB-1028",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26388",
"datePublished": "2022-05-11T16:29:06.174576Z",
"dateReserved": "2021-01-29T00:00:00",
"dateUpdated": "2024-09-16T23:01:19.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}