Vulnerability-Lookup

CVE-2023-31356 (GCVE-0-2023-31356)

Vulnerability from cvelistv5 – Published: 2024-08-13 16:54 – Updated: 2025-02-11 22:48

Summary

Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity.

Severity

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-459 - Incomplete Cleanup

Assigner

AMD

References

2 references

URL	Tags
https://www.amd.com/en/resources/product-security…	vendor-advisory
https://www.amd.com/en/resources/product-security…

Impacted products

4 products

Vendor	Product	Version
AMD	AMD EPYC™ 7003 Processors	Unaffected: MilanPI 1.0.0.C (PI)
AMD	AMD EPYC™ 9004 Processors	Unaffected: GenoaPI 1.0.0.B
AMD	AMD EPYC™ Embedded 7003	Unaffected: "EmbMilanPI-SP3 1.0.0.8"
AMD	AMD EPYC™ Embedded 9004	Unaffected: EmbGenoaPI-SP5 1.0.0.6

Date Public

2024-08-13 16:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-31356",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T15:46:30.501050Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-459",
                "description": "CWE-459 Incomplete Cleanup",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T18:53:56.973Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7003 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MilanPI 1.0.0.C",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9004 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "GenoaPI 1.0.0.B"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7003",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "\"EmbMilanPI-SP3  1.0.0.8\""
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 9004",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbGenoaPI-SP5 1.0.0.6"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIncomplete system memory cleanup in SEV firmware could\nallow a privileged attacker to corrupt guest private memory, potentially\nresulting in a loss of data integrity.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
            }
          ],
          "value": "Incomplete system memory cleanup in SEV firmware could\nallow a privileged attacker to corrupt guest private memory, potentially\nresulting in a loss of data integrity."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-459",
              "description": "CWE-459 Incomplete Cleanup",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-11T22:48:16.160Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
        },
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-31356",
    "datePublished": "2024-08-13T16:54:23.979Z",
    "dateReserved": "2023-04-27T15:25:41.428Z",
    "dateUpdated": "2025-02-11T22:48:16.160Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-31356",
      "date": "2026-06-10",
      "epss": "0.00031",
      "percentile": "0.09395"
    },
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Incomplete system memory cleanup in SEV firmware could\\nallow a privileged attacker to corrupt guest private memory, potentially\\nresulting in a loss of data integrity.\"}, {\"lang\": \"es\", \"value\": \"Una limpieza incompleta de la memoria del sistema en el firmware SEV podr\\u00eda permitir que un atacante privilegiado corrompa la memoria privada del hu\\u00e9sped, lo que podr\\u00eda provocar una p\\u00e9rdida de integridad de los datos.\"}]",
      "id": "CVE-2023-31356",
      "lastModified": "2024-10-30T19:35:03.503",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@amd.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 4.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 3.6}]}",
      "published": "2024-08-13T17:15:21.733",
      "references": "[{\"url\": \"https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html\", \"source\": \"psirt@amd.com\"}]",
      "sourceIdentifier": "psirt@amd.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-459\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-31356\",\"sourceIdentifier\":\"psirt@amd.com\",\"published\":\"2024-08-13T17:15:21.733\",\"lastModified\":\"2025-02-11T23:15:08.640\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Incomplete system memory cleanup in SEV firmware could\\nallow a privileged attacker to corrupt guest private memory, potentially\\nresulting in a loss of data integrity.\"},{\"lang\":\"es\",\"value\":\"Una limpieza incompleta de la memoria del sistema en el firmware SEV podr\u00eda permitir que un atacante privilegiado corrompa la memoria privada del hu\u00e9sped, lo que podr\u00eda provocar una p\u00e9rdida de integridad de los datos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@amd.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@amd.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-459\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-459\"}]}],\"references\":[{\"url\":\"https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html\",\"source\":\"psirt@amd.com\"},{\"url\":\"https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html\",\"source\":\"psirt@amd.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-31356\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-14T15:46:30.501050Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-459\", \"description\": \"CWE-459 Incomplete Cleanup\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-14T15:46:35.751Z\"}}], \"cna\": {\"source\": {\"advisory\": \"AMD-SB-4002, AMD-SB-3002, AMD-SB-5001\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"AMD\", \"product\": \"AMD EPYC\\u2122 7003 Processors\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"MilanPI 1.0.0.C\", \"versionType\": \"PI\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD EPYC\\u2122 9004 Processors\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"GenoaPI 1.0.0.B\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD EPYC\\u2122 Embedded 7003\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"\\\"EmbMilanPI-SP3  1.0.0.8\\\"\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD EPYC\\u2122 Embedded 9004\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"EmbGenoaPI-SP5 1.0.0.6\"}], \"defaultStatus\": \"affected\"}], \"datePublic\": \"2024-08-13T16:00:00.000Z\", \"references\": [{\"url\": \"https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Incomplete system memory cleanup in SEV firmware could\\nallow a privileged attacker to corrupt guest private memory, potentially\\nresulting in a loss of data integrity.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eIncomplete system memory cleanup in SEV firmware could\\nallow a privileged attacker to corrupt guest private memory, potentially\\nresulting in a loss of data integrity.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\\n\\n\u003c/div\u003e\\n\\n\u003c/div\u003e\\n\\n\u003c/div\u003e\\n\\n\\n\\n\\n\\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\\n\\n\u003c/div\u003e\\n\\n\u003c/div\u003e\\n\\n\u003c/div\u003e\\n\\n\\n\\n\\n\\n\u003c/span\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-459\", \"description\": \"CWE-459 Incomplete Cleanup\"}]}], \"providerMetadata\": {\"orgId\": \"b58fc414-a1e4-4f92-9d70-1add41838648\", \"shortName\": \"AMD\", \"dateUpdated\": \"2025-02-11T22:48:16.160Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-31356\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-11T22:48:16.160Z\", \"dateReserved\": \"2023-04-27T15:25:41.428Z\", \"assignerOrgId\": \"b58fc414-a1e4-4f92-9d70-1add41838648\", \"datePublished\": \"2024-08-13T16:54:23.979Z\", \"assignerShortName\": \"AMD\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

WID-SEC-W-2024-1837

Vulnerability from csaf_certbund - Published: 2024-08-13 22:00 - Updated: 2025-08-18 22:00

Summary

AMD Prozessoren: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Prozessoren sind die zentralen Rechenwerke eines Computers. Radeon bezeichnet eine Familie von Grafikkarten von AMD.

Angriff: Ein Angreifer kann mehrere Schwachstellen in AMD Prozessor und AMD Radeon ausnutzen, um beliebigen Programmcode auszuführen, erhöhte Rechte zu erlangen, einen Denial-of-Service-Zustand zu erzeugen, Daten zu manipulieren, Sicherheitsmaßnahmen zu umgehen und vertrauliche Informationen preiszugeben.

Betroffene Betriebssysteme: - Sonstiges - UNIX - Windows

CVE-2021-26344

Affected products

Known affected 10 products

Product	Identifier	Version
HP Computer HP	`cpe:/h:hp:computer:-`	—
AMD Prozessor Ryzen AMD / Prozessor	`cpe:/h:amd:amd_processor:ryzen`	Ryzen
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
AMD Prozessor Athlon AMD / Prozessor	`cpe:/h:amd:amd_processor:athlon`	Athlon
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
AMD Prozessor EPYC AMD / Prozessor	`cpe:/h:amd:amd_processor:epyc`	EPYC
AMD Radeon AMD	`cpe:/h:amd:radeon:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10

CVE-2023-20578

Affected products

Known affected 10 products

Product	Identifier	Version
HP Computer HP	`cpe:/h:hp:computer:-`	—
AMD Prozessor Ryzen AMD / Prozessor	`cpe:/h:amd:amd_processor:ryzen`	Ryzen
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
AMD Prozessor Athlon AMD / Prozessor	`cpe:/h:amd:amd_processor:athlon`	Athlon
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
AMD Prozessor EPYC AMD / Prozessor	`cpe:/h:amd:amd_processor:epyc`	EPYC
AMD Radeon AMD	`cpe:/h:amd:radeon:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10

CVE-2023-20591

Affected products

Known affected 10 products

Product	Identifier	Version
HP Computer HP	`cpe:/h:hp:computer:-`	—
AMD Prozessor Ryzen AMD / Prozessor	`cpe:/h:amd:amd_processor:ryzen`	Ryzen
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
AMD Prozessor Athlon AMD / Prozessor	`cpe:/h:amd:amd_processor:athlon`	Athlon
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
AMD Prozessor EPYC AMD / Prozessor	`cpe:/h:amd:amd_processor:epyc`	EPYC
AMD Radeon AMD	`cpe:/h:amd:radeon:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10

CVE-2021-26367

Affected products

Known affected 10 products

Product	Identifier	Version
HP Computer HP	`cpe:/h:hp:computer:-`	—
AMD Prozessor Ryzen AMD / Prozessor	`cpe:/h:amd:amd_processor:ryzen`	Ryzen
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
AMD Prozessor Athlon AMD / Prozessor	`cpe:/h:amd:amd_processor:athlon`	Athlon
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
AMD Prozessor EPYC AMD / Prozessor	`cpe:/h:amd:amd_processor:epyc`	EPYC
AMD Radeon AMD	`cpe:/h:amd:radeon:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10

CVE-2021-26387

Affected products

Known affected 10 products

Product	Identifier	Version
HP Computer HP	`cpe:/h:hp:computer:-`	—
AMD Prozessor Ryzen AMD / Prozessor	`cpe:/h:amd:amd_processor:ryzen`	Ryzen
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
AMD Prozessor Athlon AMD / Prozessor	`cpe:/h:amd:amd_processor:athlon`	Athlon
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
AMD Prozessor EPYC AMD / Prozessor	`cpe:/h:amd:amd_processor:epyc`	EPYC
AMD Radeon AMD	`cpe:/h:amd:radeon:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10

CVE-2023-31356

Affected products

Known affected 10 products

Product	Identifier	Version
HP Computer HP	`cpe:/h:hp:computer:-`	—
AMD Prozessor Ryzen AMD / Prozessor	`cpe:/h:amd:amd_processor:ryzen`	Ryzen
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
AMD Prozessor Athlon AMD / Prozessor	`cpe:/h:amd:amd_processor:athlon`	Athlon
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
AMD Prozessor EPYC AMD / Prozessor	`cpe:/h:amd:amd_processor:epyc`	EPYC
AMD Radeon AMD	`cpe:/h:amd:radeon:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10

CVE-2023-20518

Affected products

Known affected 10 products

Product	Identifier	Version
HP Computer HP	`cpe:/h:hp:computer:-`	—
AMD Prozessor Ryzen AMD / Prozessor	`cpe:/h:amd:amd_processor:ryzen`	Ryzen
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
AMD Prozessor Athlon AMD / Prozessor	`cpe:/h:amd:amd_processor:athlon`	Athlon
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
AMD Prozessor EPYC AMD / Prozessor	`cpe:/h:amd:amd_processor:epyc`	EPYC
AMD Radeon AMD	`cpe:/h:amd:radeon:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10

CVE-2024-21969

Affected products

Known affected 10 products

Product	Identifier	Version
HP Computer HP	`cpe:/h:hp:computer:-`	—
AMD Prozessor Ryzen AMD / Prozessor	`cpe:/h:amd:amd_processor:ryzen`	Ryzen
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
AMD Prozessor Athlon AMD / Prozessor	`cpe:/h:amd:amd_processor:athlon`	Athlon
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
AMD Prozessor EPYC AMD / Prozessor	`cpe:/h:amd:amd_processor:epyc`	EPYC
AMD Radeon AMD	`cpe:/h:amd:radeon:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10

CVE-2024-21981

Affected products

Known affected 10 products

Product	Identifier	Version
HP Computer HP	`cpe:/h:hp:computer:-`	—
AMD Prozessor Ryzen AMD / Prozessor	`cpe:/h:amd:amd_processor:ryzen`	Ryzen
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
AMD Prozessor Athlon AMD / Prozessor	`cpe:/h:amd:amd_processor:athlon`	Athlon
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
AMD Prozessor EPYC AMD / Prozessor	`cpe:/h:amd:amd_processor:epyc`	EPYC
AMD Radeon AMD	`cpe:/h:amd:radeon:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10

CVE-2023-20584

Affected products

Known affected 10 products

Product	Identifier	Version
HP Computer HP	`cpe:/h:hp:computer:-`	—
AMD Prozessor Ryzen AMD / Prozessor	`cpe:/h:amd:amd_processor:ryzen`	Ryzen
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
AMD Prozessor Athlon AMD / Prozessor	`cpe:/h:amd:amd_processor:athlon`	Athlon
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
AMD Prozessor EPYC AMD / Prozessor	`cpe:/h:amd:amd_processor:epyc`	EPYC
AMD Radeon AMD	`cpe:/h:amd:radeon:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10

CVE-2021-46746

Affected products

Known affected 10 products

Product	Identifier	Version
HP Computer HP	`cpe:/h:hp:computer:-`	—
AMD Prozessor Ryzen AMD / Prozessor	`cpe:/h:amd:amd_processor:ryzen`	Ryzen
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
AMD Prozessor Athlon AMD / Prozessor	`cpe:/h:amd:amd_processor:athlon`	Athlon
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
AMD Prozessor EPYC AMD / Prozessor	`cpe:/h:amd:amd_processor:epyc`	EPYC
AMD Radeon AMD	`cpe:/h:amd:radeon:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10

CVE-2021-46772

Affected products

Known affected 10 products

Product	Identifier	Version
HP Computer HP	`cpe:/h:hp:computer:-`	—
AMD Prozessor Ryzen AMD / Prozessor	`cpe:/h:amd:amd_processor:ryzen`	Ryzen
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
AMD Prozessor Athlon AMD / Prozessor	`cpe:/h:amd:amd_processor:athlon`	Athlon
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
AMD Prozessor EPYC AMD / Prozessor	`cpe:/h:amd:amd_processor:epyc`	EPYC
AMD Radeon AMD	`cpe:/h:amd:radeon:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10

CVE-2022-23815

Affected products

Known affected 10 products

Product	Identifier	Version
HP Computer HP	`cpe:/h:hp:computer:-`	—
AMD Prozessor Ryzen AMD / Prozessor	`cpe:/h:amd:amd_processor:ryzen`	Ryzen
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
AMD Prozessor Athlon AMD / Prozessor	`cpe:/h:amd:amd_processor:athlon`	Athlon
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
AMD Prozessor EPYC AMD / Prozessor	`cpe:/h:amd:amd_processor:epyc`	EPYC
AMD Radeon AMD	`cpe:/h:amd:radeon:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10

CVE-2022-23817

Affected products

Known affected 10 products

Product	Identifier	Version
HP Computer HP	`cpe:/h:hp:computer:-`	—
AMD Prozessor Ryzen AMD / Prozessor	`cpe:/h:amd:amd_processor:ryzen`	Ryzen
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
AMD Prozessor Athlon AMD / Prozessor	`cpe:/h:amd:amd_processor:athlon`	Athlon
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
AMD Prozessor EPYC AMD / Prozessor	`cpe:/h:amd:amd_processor:epyc`	EPYC
AMD Radeon AMD	`cpe:/h:amd:radeon:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10

References

17 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.amd.com/en/resources/product-security…	external
https://www.amd.com/en/resources/product-security…	external
https://www.amd.com/en/resources/product-security…	external
https://www.amd.com/en/resources/product-security…	external
https://support.hp.com/de-de/document/ish_1102405…	external
https://access.redhat.com/errata/RHSA-2024:7418	external
https://access.redhat.com/errata/RHSA-2024:7482	external
https://access.redhat.com/errata/RHSA-2024:7481	external
https://access.redhat.com/errata/RHSA-2024:7483	external
https://access.redhat.com/errata/RHSA-2024:7484	external
https://linux.oracle.com/errata/ELSA-2024-12797.html	external
https://www.dell.com/support/kbdoc/de-de/00025608…	external
https://www.ibm.com/support/pages/node/7183573	external
https://ubuntu.com/security/notices/USN-7561-1	external
https://www.dell.com/support/kbdoc/de-de/00022136…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Prozessoren sind die zentralen Rechenwerke eines Computers.\r\nRadeon bezeichnet eine Familie von Grafikkarten von AMD.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in AMD Prozessor und AMD Radeon ausnutzen, um beliebigen Programmcode auszuf\u00fchren, erh\u00f6hte Rechte zu erlangen, einen Denial-of-Service-Zustand zu erzeugen, Daten zu manipulieren, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen preiszugeben.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1837 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1837.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1837 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1837"
      },
      {
        "category": "external",
        "summary": "AMD Security Bulletin vom 2024-08-13",
        "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
      },
      {
        "category": "external",
        "summary": "AMD Security Bulletin vom 2024-08-13",
        "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html"
      },
      {
        "category": "external",
        "summary": "AMD Security Bulletin vom 2024-08-13",
        "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html"
      },
      {
        "category": "external",
        "summary": "AMD Security Bulletin vom 2024-08-13",
        "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6013.html"
      },
      {
        "category": "external",
        "summary": "HP Security Bulletin HPSBHF03964 vom 2024-08-08",
        "url": "https://support.hp.com/de-de/document/ish_11024058-11038843-16/HPSBHF03964"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:7418 vom 2024-10-01",
        "url": "https://access.redhat.com/errata/RHSA-2024:7418"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:7482 vom 2024-10-02",
        "url": "https://access.redhat.com/errata/RHSA-2024:7482"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:7481 vom 2024-10-02",
        "url": "https://access.redhat.com/errata/RHSA-2024:7481"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:7483 vom 2024-10-02",
        "url": "https://access.redhat.com/errata/RHSA-2024:7483"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:7484 vom 2024-10-02",
        "url": "https://access.redhat.com/errata/RHSA-2024:7484"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12797 vom 2024-10-23",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12797.html"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-307 vom 2024-12-03",
        "url": "https://www.dell.com/support/kbdoc/de-de/000256080/dsa-2024-307-security-update-for-dell-amd-based-gpu-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7183573 vom 2025-02-18",
        "url": "https://www.ibm.com/support/pages/node/7183573"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7561-1 vom 2025-06-09",
        "url": "https://ubuntu.com/security/notices/USN-7561-1"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-051 vom 2025-08-18",
        "url": "https://www.dell.com/support/kbdoc/de-de/000221360/dsa-2024-051"
      }
    ],
    "source_lang": "en-US",
    "title": "AMD Prozessoren: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-08-18T22:00:00.000+00:00",
      "generator": {
        "date": "2025-08-19T06:11:00.264+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2024-1837",
      "initial_release_date": "2024-08-13T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-08-13T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-08-20T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von HP aufgenommen"
        },
        {
          "date": "2024-09-30T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-10-01T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-10-22T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-12-03T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2025-02-18T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
        },
        {
          "date": "2025-06-09T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-08-18T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Dell aufgenommen"
        }
      ],
      "status": "final",
      "version": "9"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "EPYC",
                "product": {
                  "name": "AMD Prozessor EPYC",
                  "product_id": "T036862",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:amd:amd_processor:epyc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Ryzen",
                "product": {
                  "name": "AMD Prozessor Ryzen",
                  "product_id": "T036865",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:amd:amd_processor:ryzen"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Athlon",
                "product": {
                  "name": "AMD Prozessor Athlon",
                  "product_id": "T036866",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:amd:amd_processor:athlon"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Prozessor"
          },
          {
            "category": "product_name",
            "name": "AMD Radeon",
            "product": {
              "name": "AMD Radeon",
              "product_id": "T036864",
              "product_identification_helper": {
                "cpe": "cpe:/h:amd:radeon:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "AMD"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Dell Computer",
            "product": {
              "name": "Dell Computer",
              "product_id": "T036868",
              "product_identification_helper": {
                "cpe": "cpe:/o:dell:dell_computer:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HP Computer",
            "product": {
              "name": "HP Computer",
              "product_id": "T032786",
              "product_identification_helper": {
                "cpe": "cpe:/h:hp:computer:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HP"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "v10",
                "product": {
                  "name": "IBM Power Hardware Management Console v10",
                  "product_id": "T023373",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:hardware_management_console:v10"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Power Hardware Management Console"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-26344",
      "product_status": {
        "known_affected": [
          "T032786",
          "T036865",
          "67646",
          "T036866",
          "T000126",
          "T036868",
          "T036862",
          "T036864",
          "T004914",
          "T023373"
        ]
      },
      "release_date": "2024-08-13T22:00:00.000+00:00",
      "title": "CVE-2021-26344"
    },
    {
      "cve": "CVE-2023-20578",
      "product_status": {
        "known_affected": [
          "T032786",
          "T036865",
          "67646",
          "T036866",
          "T000126",
          "T036868",
          "T036862",
          "T036864",
          "T004914",
          "T023373"
        ]
      },
      "release_date": "2024-08-13T22:00:00.000+00:00",
      "title": "CVE-2023-20578"
    },
    {
      "cve": "CVE-2023-20591",
      "product_status": {
        "known_affected": [
          "T032786",
          "T036865",
          "67646",
          "T036866",
          "T000126",
          "T036868",
          "T036862",
          "T036864",
          "T004914",
          "T023373"
        ]
      },
      "release_date": "2024-08-13T22:00:00.000+00:00",
      "title": "CVE-2023-20591"
    },
    {
      "cve": "CVE-2021-26367",
      "product_status": {
        "known_affected": [
          "T032786",
          "T036865",
          "67646",
          "T036866",
          "T000126",
          "T036868",
          "T036862",
          "T036864",
          "T004914",
          "T023373"
        ]
      },
      "release_date": "2024-08-13T22:00:00.000+00:00",
      "title": "CVE-2021-26367"
    },
    {
      "cve": "CVE-2021-26387",
      "product_status": {
        "known_affected": [
          "T032786",
          "T036865",
          "67646",
          "T036866",
          "T000126",
          "T036868",
          "T036862",
          "T036864",
          "T004914",
          "T023373"
        ]
      },
      "release_date": "2024-08-13T22:00:00.000+00:00",
      "title": "CVE-2021-26387"
    },
    {
      "cve": "CVE-2023-31356",
      "product_status": {
        "known_affected": [
          "T032786",
          "T036865",
          "67646",
          "T036866",
          "T000126",
          "T036868",
          "T036862",
          "T036864",
          "T004914",
          "T023373"
        ]
      },
      "release_date": "2024-08-13T22:00:00.000+00:00",
      "title": "CVE-2023-31356"
    },
    {
      "cve": "CVE-2023-20518",
      "product_status": {
        "known_affected": [
          "T032786",
          "T036865",
          "67646",
          "T036866",
          "T000126",
          "T036868",
          "T036862",
          "T036864",
          "T004914",
          "T023373"
        ]
      },
      "release_date": "2024-08-13T22:00:00.000+00:00",
      "title": "CVE-2023-20518"
    },
    {
      "cve": "CVE-2024-21969",
      "product_status": {
        "known_affected": [
          "T032786",
          "T036865",
          "67646",
          "T036866",
          "T000126",
          "T036868",
          "T036862",
          "T036864",
          "T004914",
          "T023373"
        ]
      },
      "release_date": "2024-08-13T22:00:00.000+00:00",
      "title": "CVE-2024-21969"
    },
    {
      "cve": "CVE-2024-21981",
      "product_status": {
        "known_affected": [
          "T032786",
          "T036865",
          "67646",
          "T036866",
          "T000126",
          "T036868",
          "T036862",
          "T036864",
          "T004914",
          "T023373"
        ]
      },
      "release_date": "2024-08-13T22:00:00.000+00:00",
      "title": "CVE-2024-21981"
    },
    {
      "cve": "CVE-2023-20584",
      "product_status": {
        "known_affected": [
          "T032786",
          "T036865",
          "67646",
          "T036866",
          "T000126",
          "T036868",
          "T036862",
          "T036864",
          "T004914",
          "T023373"
        ]
      },
      "release_date": "2024-08-13T22:00:00.000+00:00",
      "title": "CVE-2023-20584"
    },
    {
      "cve": "CVE-2021-46746",
      "product_status": {
        "known_affected": [
          "T032786",
          "T036865",
          "67646",
          "T036866",
          "T000126",
          "T036868",
          "T036862",
          "T036864",
          "T004914",
          "T023373"
        ]
      },
      "release_date": "2024-08-13T22:00:00.000+00:00",
      "title": "CVE-2021-46746"
    },
    {
      "cve": "CVE-2021-46772",
      "product_status": {
        "known_affected": [
          "T032786",
          "T036865",
          "67646",
          "T036866",
          "T000126",
          "T036868",
          "T036862",
          "T036864",
          "T004914",
          "T023373"
        ]
      },
      "release_date": "2024-08-13T22:00:00.000+00:00",
      "title": "CVE-2021-46772"
    },
    {
      "cve": "CVE-2022-23815",
      "product_status": {
        "known_affected": [
          "T032786",
          "T036865",
          "67646",
          "T036866",
          "T000126",
          "T036868",
          "T036862",
          "T036864",
          "T004914",
          "T023373"
        ]
      },
      "release_date": "2024-08-13T22:00:00.000+00:00",
      "title": "CVE-2022-23815"
    },
    {
      "cve": "CVE-2022-23817",
      "product_status": {
        "known_affected": [
          "T032786",
          "T036865",
          "67646",
          "T036866",
          "T000126",
          "T036868",
          "T036862",
          "T036864",
          "T004914",
          "T023373"
        ]
      },
      "release_date": "2024-08-13T22:00:00.000+00:00",
      "title": "CVE-2022-23817"
    }
  ]
}

WID-SEC-W-2025-0314

Vulnerability from csaf_certbund - Published: 2025-02-11 23:00 - Updated: 2025-06-09 22:00

Summary

AMD Prozessoren: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Prozessoren sind die zentralen Rechenwerke eines Computers.

Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen in verschiedenen AMD Prozessoren ausnutzen, um beliebigen Code auszuführen, eine Denial-of-Service-Situation zu erzeugen und Informationen offenzulegen oder zu manipulieren.

Betroffene Betriebssysteme: - BIOS/Firmware

CVE-2023-20507

Affected products

Known affected 11 products

Product	Identifier	Version
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
AMD Prozessor AMD	`cpe:/h:amd:amd_processor:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Dell PowerEdge Dell	`cpe:/h:dell:poweredge:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10
HP BIOS HP	`cpe:/h:hp:bios:-`	—

CVE-2023-20515

Affected products

Known affected 11 products

Product	Identifier	Version
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
AMD Prozessor AMD	`cpe:/h:amd:amd_processor:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Dell PowerEdge Dell	`cpe:/h:dell:poweredge:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10
HP BIOS HP	`cpe:/h:hp:bios:-`	—

CVE-2023-20581

Affected products

Known affected 11 products

Product	Identifier	Version
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
AMD Prozessor AMD	`cpe:/h:amd:amd_processor:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Dell PowerEdge Dell	`cpe:/h:dell:poweredge:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10
HP BIOS HP	`cpe:/h:hp:bios:-`	—

CVE-2023-20582

Affected products

Known affected 11 products

Product	Identifier	Version
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
AMD Prozessor AMD	`cpe:/h:amd:amd_processor:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Dell PowerEdge Dell	`cpe:/h:dell:poweredge:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10
HP BIOS HP	`cpe:/h:hp:bios:-`	—

CVE-2023-31331

Affected products

Known affected 11 products

Product	Identifier	Version
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
AMD Prozessor AMD	`cpe:/h:amd:amd_processor:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Dell PowerEdge Dell	`cpe:/h:dell:poweredge:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10
HP BIOS HP	`cpe:/h:hp:bios:-`	—

CVE-2023-31342

Affected products

Known affected 11 products

Product	Identifier	Version
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
AMD Prozessor AMD	`cpe:/h:amd:amd_processor:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Dell PowerEdge Dell	`cpe:/h:dell:poweredge:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10
HP BIOS HP	`cpe:/h:hp:bios:-`	—

CVE-2023-31343

Affected products

Known affected 11 products

Product	Identifier	Version
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
AMD Prozessor AMD	`cpe:/h:amd:amd_processor:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Dell PowerEdge Dell	`cpe:/h:dell:poweredge:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10
HP BIOS HP	`cpe:/h:hp:bios:-`	—

CVE-2023-31345

Affected products

Known affected 11 products

Product	Identifier	Version
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
AMD Prozessor AMD	`cpe:/h:amd:amd_processor:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Dell PowerEdge Dell	`cpe:/h:dell:poweredge:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10
HP BIOS HP	`cpe:/h:hp:bios:-`	—

CVE-2023-31352

Affected products

Known affected 11 products

Product	Identifier	Version
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
AMD Prozessor AMD	`cpe:/h:amd:amd_processor:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Dell PowerEdge Dell	`cpe:/h:dell:poweredge:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10
HP BIOS HP	`cpe:/h:hp:bios:-`	—

CVE-2023-31356

Affected products

Known affected 11 products

Product	Identifier	Version
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
AMD Prozessor AMD	`cpe:/h:amd:amd_processor:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Dell PowerEdge Dell	`cpe:/h:dell:poweredge:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10
HP BIOS HP	`cpe:/h:hp:bios:-`	—

CVE-2024-0179

Affected products

Known affected 11 products

Product	Identifier	Version
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
AMD Prozessor AMD	`cpe:/h:amd:amd_processor:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Dell PowerEdge Dell	`cpe:/h:dell:poweredge:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10
HP BIOS HP	`cpe:/h:hp:bios:-`	—

CVE-2024-21924

Affected products

Known affected 11 products

Product	Identifier	Version
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
AMD Prozessor AMD	`cpe:/h:amd:amd_processor:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Dell PowerEdge Dell	`cpe:/h:dell:poweredge:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10
HP BIOS HP	`cpe:/h:hp:bios:-`	—

CVE-2024-21925

Affected products

Known affected 11 products

Product	Identifier	Version
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
AMD Prozessor AMD	`cpe:/h:amd:amd_processor:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Dell PowerEdge Dell	`cpe:/h:dell:poweredge:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10
HP BIOS HP	`cpe:/h:hp:bios:-`	—

References

17 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.amd.com/en/resources/product-security…	external
https://www.amd.com/en/resources/product-security…	external
https://www.amd.com/en/resources/product-security…	external
https://www.amd.com/en/resources/product-security…	external
https://www.amd.com/en/resources/product-security…	external
https://support.hp.com/de-de/document/ish_1194715…	external
https://www.dell.com/support/kbdoc/de-de/00025013…	external
https://support.hpe.com/hpesc/public/docDisplay?d…	external
https://support.hpe.com/hpesc/public/docDisplay?d…	external
https://support.lenovo.com/us/en/product_security…	external
https://support.hpe.com/hpesc/public/docDisplay?d…	external
https://www.dell.com/support/kbdoc/de-de/00028388…	external
https://www.ibm.com/support/pages/node/7183573	external
https://support.hp.com/de-de/document/ish_1244084…	external
https://ubuntu.com/security/notices/USN-7561-1	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Prozessoren sind die zentralen Rechenwerke eines Computers.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in verschiedenen AMD Prozessoren ausnutzen, um beliebigen Code auszuf\u00fchren, eine Denial-of-Service-Situation zu erzeugen und Informationen offenzulegen oder zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- BIOS/Firmware",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0314 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0314.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0314 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0314"
      },
      {
        "category": "external",
        "summary": "AMD Security Bulletin AMD-SB-3009 vom 2025-02-11",
        "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html"
      },
      {
        "category": "external",
        "summary": "AMD Security Bulletin AMD-SB-4008 vom 2025-02-11",
        "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html"
      },
      {
        "category": "external",
        "summary": "AMD Security Bulletin AMD-SB-5004 vom 2025-02-11",
        "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"
      },
      {
        "category": "external",
        "summary": "AMD Security Bulletin AMD-SB-7027 vom 2025-02-11",
        "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7027.html"
      },
      {
        "category": "external",
        "summary": "AMD Security Bulletin AMD-SB-7028 vom 2025-02-11",
        "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7028.html"
      },
      {
        "category": "external",
        "summary": "HP Security Bulletin HPSBHF04004 vom 2025-01-29",
        "url": "https://support.hp.com/de-de/document/ish_11947159-11947218-16/HPSBHF04004"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2025-017 vom 2025-02-11",
        "url": "https://www.dell.com/support/kbdoc/de-de/000250133/dsa-2025-017"
      },
      {
        "category": "external",
        "summary": "HPE Security Bulletin HPESBHF04786 vom 2025-02-11",
        "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04786en_us\u0026docLocale=en_US"
      },
      {
        "category": "external",
        "summary": "HPE Security Bulletin HPESBHF04782 vom 2025-02-11",
        "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04782en_us\u0026docLocale=en_US"
      },
      {
        "category": "external",
        "summary": "Lenovo Security Advisory LEN-186850 vom 2025-02-12",
        "url": "https://support.lenovo.com/us/en/product_security/LEN-186850"
      },
      {
        "category": "external",
        "summary": "HPE Security Bulletin HPESBHF04795 vom 2025-02-11",
        "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04795en_us\u0026docLocale=en_US"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2025-085 vom 2025-02-11",
        "url": "https://www.dell.com/support/kbdoc/de-de/000283888/dsa-2025-085-security-update-for-dell-amd-based-poweredge-server-and-gpu-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7183573 vom 2025-02-18",
        "url": "https://www.ibm.com/support/pages/node/7183573"
      },
      {
        "category": "external",
        "summary": "HP Security Bulletin HPSBHF04016 vom 2025-04-11",
        "url": "https://support.hp.com/de-de/document/ish_12440840-12440862-16/HPSBHF04016"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7561-1 vom 2025-06-09",
        "url": "https://ubuntu.com/security/notices/USN-7561-1"
      }
    ],
    "source_lang": "en-US",
    "title": "AMD Prozessoren: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-06-09T22:00:00.000+00:00",
      "generator": {
        "date": "2025-06-10T08:25:11.402+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-0314",
      "initial_release_date": "2025-02-11T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-02-11T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-02-18T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
        },
        {
          "date": "2025-05-07T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von HP aufgenommen"
        },
        {
          "date": "2025-06-09T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "AMD Prozessor",
            "product": {
              "name": "AMD Prozessor",
              "product_id": "T032766",
              "product_identification_helper": {
                "cpe": "cpe:/h:amd:amd_processor:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "AMD"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Dell Computer",
            "product": {
              "name": "Dell Computer",
              "product_id": "T036868",
              "product_identification_helper": {
                "cpe": "cpe:/o:dell:dell_computer:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Dell PowerEdge",
            "product": {
              "name": "Dell PowerEdge",
              "product_id": "T040784",
              "product_identification_helper": {
                "cpe": "cpe:/h:dell:poweredge:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HP BIOS",
            "product": {
              "name": "HP BIOS",
              "product_id": "T033440",
              "product_identification_helper": {
                "cpe": "cpe:/h:hp:bios:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "HP Computer",
                "product": {
                  "name": "HP Computer",
                  "product_id": "T030989",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:hp:computer:-"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "HP Computer",
                "product": {
                  "name": "HP Computer",
                  "product_id": "T031292",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:hp:computer:-"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Computer"
          }
        ],
        "category": "vendor",
        "name": "HP"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HPE ProLiant",
            "product": {
              "name": "HPE ProLiant",
              "product_id": "T027705",
              "product_identification_helper": {
                "cpe": "cpe:/h:hp:proliant:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HPE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "v10",
                "product": {
                  "name": "IBM Power Hardware Management Console v10",
                  "product_id": "T023373",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:hardware_management_console:v10"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Power Hardware Management Console"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Lenovo BIOS",
            "product": {
              "name": "Lenovo BIOS",
              "product_id": "T033443",
              "product_identification_helper": {
                "cpe": "cpe:/h:lenovo:bios:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Lenovo Computer",
            "product": {
              "name": "Lenovo Computer",
              "product_id": "T026557",
              "product_identification_helper": {
                "cpe": "cpe:/h:lenovo:computer:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Lenovo"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-20507",
      "product_status": {
        "known_affected": [
          "T027705",
          "T000126",
          "T032766",
          "T036868",
          "T030989",
          "T031292",
          "T026557",
          "T040784",
          "T033443",
          "T023373",
          "T033440"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2023-20507"
    },
    {
      "cve": "CVE-2023-20515",
      "product_status": {
        "known_affected": [
          "T027705",
          "T000126",
          "T032766",
          "T036868",
          "T030989",
          "T031292",
          "T026557",
          "T040784",
          "T033443",
          "T023373",
          "T033440"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2023-20515"
    },
    {
      "cve": "CVE-2023-20581",
      "product_status": {
        "known_affected": [
          "T027705",
          "T000126",
          "T032766",
          "T036868",
          "T030989",
          "T031292",
          "T026557",
          "T040784",
          "T033443",
          "T023373",
          "T033440"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2023-20581"
    },
    {
      "cve": "CVE-2023-20582",
      "product_status": {
        "known_affected": [
          "T027705",
          "T000126",
          "T032766",
          "T036868",
          "T030989",
          "T031292",
          "T026557",
          "T040784",
          "T033443",
          "T023373",
          "T033440"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2023-20582"
    },
    {
      "cve": "CVE-2023-31331",
      "product_status": {
        "known_affected": [
          "T027705",
          "T000126",
          "T032766",
          "T036868",
          "T030989",
          "T031292",
          "T026557",
          "T040784",
          "T033443",
          "T023373",
          "T033440"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2023-31331"
    },
    {
      "cve": "CVE-2023-31342",
      "product_status": {
        "known_affected": [
          "T027705",
          "T000126",
          "T032766",
          "T036868",
          "T030989",
          "T031292",
          "T026557",
          "T040784",
          "T033443",
          "T023373",
          "T033440"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2023-31342"
    },
    {
      "cve": "CVE-2023-31343",
      "product_status": {
        "known_affected": [
          "T027705",
          "T000126",
          "T032766",
          "T036868",
          "T030989",
          "T031292",
          "T026557",
          "T040784",
          "T033443",
          "T023373",
          "T033440"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2023-31343"
    },
    {
      "cve": "CVE-2023-31345",
      "product_status": {
        "known_affected": [
          "T027705",
          "T000126",
          "T032766",
          "T036868",
          "T030989",
          "T031292",
          "T026557",
          "T040784",
          "T033443",
          "T023373",
          "T033440"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2023-31345"
    },
    {
      "cve": "CVE-2023-31352",
      "product_status": {
        "known_affected": [
          "T027705",
          "T000126",
          "T032766",
          "T036868",
          "T030989",
          "T031292",
          "T026557",
          "T040784",
          "T033443",
          "T023373",
          "T033440"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2023-31352"
    },
    {
      "cve": "CVE-2023-31356",
      "product_status": {
        "known_affected": [
          "T027705",
          "T000126",
          "T032766",
          "T036868",
          "T030989",
          "T031292",
          "T026557",
          "T040784",
          "T033443",
          "T023373",
          "T033440"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2023-31356"
    },
    {
      "cve": "CVE-2024-0179",
      "product_status": {
        "known_affected": [
          "T027705",
          "T000126",
          "T032766",
          "T036868",
          "T030989",
          "T031292",
          "T026557",
          "T040784",
          "T033443",
          "T023373",
          "T033440"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2024-0179"
    },
    {
      "cve": "CVE-2024-21924",
      "product_status": {
        "known_affected": [
          "T027705",
          "T000126",
          "T032766",
          "T036868",
          "T030989",
          "T031292",
          "T026557",
          "T040784",
          "T033443",
          "T023373",
          "T033440"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2024-21924"
    },
    {
      "cve": "CVE-2024-21925",
      "product_status": {
        "known_affected": [
          "T027705",
          "T000126",
          "T032766",
          "T036868",
          "T030989",
          "T031292",
          "T026557",
          "T040784",
          "T033443",
          "T023373",
          "T033440"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2024-21925"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-31356 (GCVE-0-2023-31356)

WID-SEC-W-2024-1837

WID-SEC-W-2025-0314

Tags

Sightings

Nomenclature