Action not permitted
Modal body text goes here.
Modal Title
Modal Body
WID-SEC-W-2022-0073
Vulnerability from csaf_certbund
Published
2022-05-10 22:00
Modified
2024-02-13 23:00
Summary
AMD Prozessoren: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Prozessoren sind die zentralen Rechenwerke eines Computers.
Angriff
Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in AMD Prozessoren ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen und Daten zu manipulieren.
Betroffene Betriebssysteme
- BIOS/Firmware
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Prozessoren sind die zentralen Rechenwerke eines Computers.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in AMD Prozessoren ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren.", "title": "Angriff" }, { "category": "general", "text": "- BIOS/Firmware", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-0073 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0073.json" }, { "category": "self", "summary": "WID-SEC-2022-0073 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0073" }, { "category": "external", "summary": "AMD Security Advisory vom 2022-05-10", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "category": "external", "summary": "AMD Security Advisory vom 2022-05-10", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" }, { "category": "external", "summary": "Lenovo Security Advisory vom 2022-05-10", "url": "https://support.lenovo.com/us/en/product_security/LEN-87863" }, { "category": "external", "summary": "HP Security Bulletin HPSBHF03792 vom 2022-05-12", "url": "https://support.hp.com/us-en/document/ish_6189684-6189764-16/HPSBHF03792" }, { "category": "external", "summary": "HPE Security Bulletin HPESBHF04235 vom 2022-05-17", "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04235en_us\u0026hprpt_id=ALERT_HPE_3023598\u0026jumpid=em_pom8nu6hj_aid-520066529" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2022-070 vom 2022-05-20", "url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-070.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:1751-1 vom 2022-05-19", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-May/011100.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:1847-1 vom 2022-05-25", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-May/011162.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:1840-1 vom 2022-05-25", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-May/011156.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:1846-1 vom 2022-05-25", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-May/011160.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:1923-1 vom 2022-06-02", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-June/011226.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS2-2022-1800 vom 2022-06-07", "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1800.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2022-1606 vom 2022-07-07", "url": "https://alas.aws.amazon.com/ALAS-2022-1606.html" }, { "category": "external", "summary": "HPE Security Bulletin", "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04404" }, { "category": "external", "summary": "AMD Security Bulletin", "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5001.html" } ], "source_lang": "en-US", "title": "AMD Prozessoren: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-02-13T23:00:00.000+00:00", "generator": { "date": "2024-02-15T16:45:34.552+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2022-0073", "initial_release_date": "2022-05-10T22:00:00.000+00:00", "revision_history": [ { "date": "2022-05-10T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2022-05-12T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von HP aufgenommen" }, { "date": "2022-05-17T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von HPE aufgenommen" }, { "date": "2022-05-19T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Amazon und SUSE aufgenommen" }, { "date": "2022-05-26T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2022-06-02T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2022-06-07T22:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2022-07-07T22:00:00.000+00:00", "number": "8", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2023-01-22T23:00:00.000+00:00", "number": "9", "summary": "Neue Updates von HP aufgenommen" }, { "date": "2023-04-02T22:00:00.000+00:00", "number": "10", "summary": "CVE\u0027s erg\u00e4nzt" }, { "date": "2024-02-13T23:00:00.000+00:00", "number": "11", "summary": "Neue Updates von AMD aufgenommen" } ], "status": "final", "version": "11" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "Epyc", "product": { "name": "AMD Prozessor Epyc", "product_id": "T020995", "product_identification_helper": { "cpe": "cpe:/h:amd:amd_processor:epyc" } } }, { "category": "product_version", "name": "Ryzen", "product": { "name": "AMD Prozessor Ryzen", "product_id": "T023180", "product_identification_helper": { "cpe": "cpe:/h:amd:amd_processor:ryzen" } } }, { "category": "product_version", "name": "Athlon", "product": { "name": "AMD Prozessor Athlon", "product_id": "T023181", "product_identification_helper": { "cpe": "cpe:/h:amd:amd_processor:athlon" } } }, { "category": "product_name", "name": "AMD Prozessor", "product": { "name": "AMD Prozessor", "product_id": "T029010", "product_identification_helper": { "cpe": "cpe:/h:amd:amd_processor:-" } } } ], "category": "product_name", "name": "Prozessor" } ], "category": "vendor", "name": "AMD" }, { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "category": "product_name", "name": "HP Computer", "product": { "name": "HP Computer", "product_id": "T023191", "product_identification_helper": { "cpe": "cpe:/h:hp:computer:-" } } } ], "category": "vendor", "name": "HP" }, { "branches": [ { "category": "product_name", "name": "HPE ProLiant", "product": { "name": "HPE ProLiant", "product_id": "T009310", "product_identification_helper": { "cpe": "cpe:/h:hp:proliant:-" } } } ], "category": "vendor", "name": "HPE" }, { "branches": [ { "category": "product_name", "name": "Lenovo Computer", "product": { "name": "Lenovo Computer", "product_id": "T006520", "product_identification_helper": { "cpe": "cpe:/o:lenovo:lenovo_computer:-" } } } ], "category": "vendor", "name": "Lenovo" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-20559", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2023-20559" }, { "cve": "CVE-2023-20558", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2023-20558" }, { "cve": "CVE-2022-21151", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2022-21151" }, { "cve": "CVE-2022-0005", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2022-0005" }, { "cve": "CVE-2021-39298", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-39298" }, { "cve": "CVE-2021-33124", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-33124" }, { "cve": "CVE-2021-33123", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-33123" }, { "cve": "CVE-2021-33122", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-33122" }, { "cve": "CVE-2021-33117", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-33117" }, { "cve": "CVE-2021-33103", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-33103" }, { "cve": "CVE-2021-26390", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-26390" }, { "cve": "CVE-2021-26388", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-26388" }, { "cve": "CVE-2021-26386", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-26386" }, { "cve": "CVE-2021-26384", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-26384" }, { "cve": "CVE-2021-26378", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-26378" }, { "cve": "CVE-2021-26376", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-26376" }, { "cve": "CVE-2021-26375", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-26375" }, { "cve": "CVE-2021-26373", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-26373" }, { "cve": "CVE-2021-26372", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-26372" }, { "cve": "CVE-2021-26369", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-26369" }, { "cve": "CVE-2021-26368", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-26368" }, { "cve": "CVE-2021-26366", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-26366" }, { "cve": "CVE-2021-26364", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-26364" }, { "cve": "CVE-2021-26363", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-26363" }, { "cve": "CVE-2021-26362", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-26362" }, { "cve": "CVE-2021-26361", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-26361" }, { "cve": "CVE-2021-26352", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-26352" }, { "cve": "CVE-2021-26351", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-26351" }, { "cve": "CVE-2021-26350", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-26350" }, { "cve": "CVE-2021-26349", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-26349" }, { "cve": "CVE-2021-26348", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-26348" }, { "cve": "CVE-2021-26347", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-26347" }, { "cve": "CVE-2021-26342", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-26342" }, { "cve": "CVE-2021-26339", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-26339" }, { "cve": "CVE-2021-26337", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-26337" }, { "cve": "CVE-2021-26336", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-26336" }, { "cve": "CVE-2021-26335", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-26335" }, { "cve": "CVE-2021-26317", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-26317" }, { "cve": "CVE-2021-26312", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-26312" }, { "cve": "CVE-2021-21136", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-21136" }, { "cve": "CVE-2021-21131", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-21131" }, { "cve": "CVE-2021-0190", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-0190" }, { "cve": "CVE-2021-0189", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-0189" }, { "cve": "CVE-2021-0188", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-0188" }, { "cve": "CVE-2021-0159", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-0159" }, { "cve": "CVE-2021-0155", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-0155" }, { "cve": "CVE-2021-0154", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-0154" }, { "cve": "CVE-2021-0153", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2021-0153" }, { "cve": "CVE-2020-12951", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2020-12951" }, { "cve": "CVE-2020-12946", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2020-12946" }, { "cve": "CVE-2020-12944", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2020-12944" }, { "cve": "CVE-2020-12931", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in AMD-Prozessoren. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T006520", "T020995", "T023180", "T023191", "T023181", "T029010", "T002207", "398363", "T009310" ] }, "release_date": "2022-05-10T22:00:00Z", "title": "CVE-2020-12931" } ] }
cve-2022-0005
Vulnerability from cvelistv5
Published
2022-05-12 16:36
Modified
2024-08-02 23:18
Severity ?
EPSS score ?
Summary
Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access.
References
▼ | URL | Tags |
---|---|---|
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00614.html | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Intel(R) Processors with SGX |
Version: See references |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:18:41.492Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00614.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Intel(R) Processors with SGX", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access." } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T16:36:04", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00614.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "ID": "CVE-2022-0005", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Intel(R) Processors with SGX", "version": { "version_data": [ { "version_value": "See references" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00614.html", "refsource": "MISC", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00614.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-0005", "datePublished": "2022-05-12T16:36:04", "dateReserved": "2021-10-15T00:00:00", "dateUpdated": "2024-08-02T23:18:41.492Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26388
Vulnerability from cvelistv5
Published
2022-05-11 16:29
Modified
2024-09-16 23:01
Severity ?
EPSS score ?
Summary
Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC | |
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | EPYC™ Processors |
Version: various |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:25.337Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-11T16:29:06", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "source": { "advisory": "AMD-SB-1027 and AMD-SB-1028", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26388", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "EPYC\u2122 Processors", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ] }, "source": { "advisory": "AMD-SB-1027 and AMD-SB-1028", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26388", "datePublished": "2022-05-11T16:29:06.174576Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T23:01:19.603Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26366
Vulnerability from cvelistv5
Published
2022-05-12 17:09
Modified
2024-09-17 01:51
Severity ?
EPSS score ?
Summary
An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:25.139Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T17:09:29", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26366", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26366", "datePublished": "2022-05-12T17:09:29.825927Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-17T01:51:13.541Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-33117
Vulnerability from cvelistv5
Published
2022-05-12 16:36
Modified
2024-08-03 23:42
Severity ?
EPSS score ?
Summary
Improper access control for some 3rd Generation Intel(R) Xeon(R) Scalable Processors before BIOS version MR7, may allow a local attacker to potentially enable information disclosure via local access.
References
▼ | URL | Tags |
---|---|---|
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00586.html | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220818-0001/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Intel(R) Xeon(R) Scalable Processors |
Version: See references |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:42:19.927Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00586.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220818-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Intel(R) Xeon(R) Scalable Processors", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper access control for some 3rd Generation Intel(R) Xeon(R) Scalable Processors before BIOS version MR7, may allow a local attacker to potentially enable information disclosure via local access." } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-18T14:09:21", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00586.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220818-0001/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "ID": "CVE-2021-33117", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Intel(R) Xeon(R) Scalable Processors", "version": { "version_data": [ { "version_value": "See references" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Improper access control for some 3rd Generation Intel(R) Xeon(R) Scalable Processors before BIOS version MR7, may allow a local attacker to potentially enable information disclosure via local access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00586.html", "refsource": "MISC", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00586.html" }, { "name": "https://security.netapp.com/advisory/ntap-20220818-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220818-0001/" } ] } } } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2021-33117", "datePublished": "2022-05-12T16:36:03", "dateReserved": "2021-05-18T00:00:00", "dateUpdated": "2024-08-03T23:42:19.927Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-33122
Vulnerability from cvelistv5
Published
2022-05-12 16:36
Modified
2024-08-03 23:42
Severity ?
EPSS score ?
Summary
Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.
References
▼ | URL | Tags |
---|---|---|
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220818-0003/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Intel(R) Processors |
Version: See references |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:42:19.807Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220818-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Intel(R) Processors", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access." } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-18T14:07:26", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220818-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "ID": "CVE-2021-33122", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Intel(R) Processors", "version": { "version_data": [ { "version_value": "See references" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "escalation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html", "refsource": "MISC", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html" }, { "name": "https://security.netapp.com/advisory/ntap-20220818-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220818-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2021-33122", "datePublished": "2022-05-12T16:36:10", "dateReserved": "2021-05-18T00:00:00", "dateUpdated": "2024-08-03T23:42:19.807Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12951
Vulnerability from cvelistv5
Published
2021-11-16 18:06
Modified
2024-09-17 01:35
Severity ?
EPSS score ?
Summary
Race condition in ASP firmware could allow less privileged x86 code to perform ASP SMM (System Management Mode) operations.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:11:18.878Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Race condition in ASP firmware could allow less privileged x86 code to perform ASP SMM (System Management Mode) operations." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T17:16:35", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2020-12951", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Race condition in ASP firmware could allow less privileged x86 code to perform ASP SMM (System Management Mode) operations." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2020-12951", "datePublished": "2021-11-16T18:06:30.578358Z", "dateReserved": "2020-05-15T00:00:00", "dateUpdated": "2024-09-17T01:35:37.916Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-21136
Vulnerability from cvelistv5
Published
2021-02-09 13:56
Modified
2024-08-03 18:01
Severity ?
EPSS score ?
Summary
Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
References
▼ | URL | Tags |
---|---|---|
https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html | x_refsource_MISC | |
https://crbug.com/1038002 | x_refsource_MISC | |
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21136 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:01:14.156Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://crbug.com/1038002" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21136" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Chrome", "vendor": "Google", "versions": [ { "lessThan": "88.0.4324.96", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page." } ], "problemTypes": [ { "descriptions": [ { "description": "Insufficient policy enforcement", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-24T20:02:28", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://crbug.com/1038002" }, { "tags": [ "x_refsource_MISC" ], "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21136" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "chrome-cve-admin@google.com", "ID": "CVE-2021-21136", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Chrome", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "88.0.4324.96" } ] } } ] }, "vendor_name": "Google" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Insufficient policy enforcement" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html", "refsource": "MISC", "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html" }, { "name": "https://crbug.com/1038002", "refsource": "MISC", "url": "https://crbug.com/1038002" }, { "name": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21136", "refsource": "MISC", "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21136" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2021-21136", "datePublished": "2021-02-09T13:56:07", "dateReserved": "2020-12-21T00:00:00", "dateUpdated": "2024-08-03T18:01:14.156Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-0159
Vulnerability from cvelistv5
Published
2022-05-12 16:36
Modified
2024-08-03 15:32
Severity ?
EPSS score ?
Summary
Improper input validation in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.
References
▼ | URL | Tags |
---|---|---|
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220818-0003/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Intel(R) Processors |
Version: See references |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:32:09.434Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220818-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Intel(R) Processors", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper input validation in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access." } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-18T14:06:46", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220818-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "ID": "CVE-2021-0159", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Intel(R) Processors", "version": { "version_data": [ { "version_value": "See references" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Improper input validation in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "escalation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html", "refsource": "MISC", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html" }, { "name": "https://security.netapp.com/advisory/ntap-20220818-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220818-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2021-0159", "datePublished": "2022-05-12T16:36:13", "dateReserved": "2020-10-22T00:00:00", "dateUpdated": "2024-08-03T15:32:09.434Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26317
Vulnerability from cvelistv5
Published
2022-05-12 18:27
Modified
2024-09-17 01:10
Severity ?
EPSS score ?
Summary
Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:19:20.472Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T18:27:48", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26317", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26317", "datePublished": "2022-05-12T18:27:48.589066Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-17T01:10:36.785Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-0190
Vulnerability from cvelistv5
Published
2022-05-12 16:36
Modified
2024-08-03 15:32
Severity ?
EPSS score ?
Summary
Uncaught exception in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.
References
▼ | URL | Tags |
---|---|---|
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220818-0003/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Intel(R) Processors |
Version: See references |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:32:10.101Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220818-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Intel(R) Processors", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncaught exception in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access." } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-18T14:07:00", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220818-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "ID": "CVE-2021-0190", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Intel(R) Processors", "version": { "version_data": [ { "version_value": "See references" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Uncaught exception in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "escalation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html", "refsource": "MISC", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html" }, { "name": "https://security.netapp.com/advisory/ntap-20220818-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220818-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2021-0190", "datePublished": "2022-05-12T16:36:09", "dateReserved": "2020-10-22T00:00:00", "dateUpdated": "2024-08-03T15:32:10.101Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-21131
Vulnerability from cvelistv5
Published
2021-02-09 13:56
Modified
2024-08-03 18:01
Severity ?
EPSS score ?
Summary
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
References
▼ | URL | Tags |
---|---|---|
https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html | x_refsource_MISC | |
https://crbug.com/1140417 | x_refsource_MISC | |
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21131 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:01:14.084Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://crbug.com/1140417" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21131" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Chrome", "vendor": "Google", "versions": [ { "lessThan": "88.0.4324.96", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page." } ], "problemTypes": [ { "descriptions": [ { "description": "Insufficient policy enforcement", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-24T19:56:41", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://crbug.com/1140417" }, { "tags": [ "x_refsource_MISC" ], "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21131" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "chrome-cve-admin@google.com", "ID": "CVE-2021-21131", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Chrome", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "88.0.4324.96" } ] } } ] }, "vendor_name": "Google" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Insufficient policy enforcement" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html", "refsource": "MISC", "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html" }, { "name": "https://crbug.com/1140417", "refsource": "MISC", "url": "https://crbug.com/1140417" }, { "name": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21131", "refsource": "MISC", "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21131" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2021-21131", "datePublished": "2021-02-09T13:56:04", "dateReserved": "2020-12-21T00:00:00", "dateUpdated": "2024-08-03T18:01:14.084Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26350
Vulnerability from cvelistv5
Published
2022-05-11 16:16
Modified
2024-09-16 21:07
Severity ?
EPSS score ?
Summary
A TOCTOU race condition in SMU may allow for the caller to obtain and manipulate the address of a message port register which may result in a potential denial of service.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | AMD | EPYC™ Processors |
Version: various |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:24.493Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "A TOCTOU race condition in SMU may allow for the caller to obtain and manipulate the address of a message port register which may result in a potential denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-11T16:16:40", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "source": { "advisory": "AMD-SB-1028", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26350", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "EPYC\u2122 Processors", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A TOCTOU race condition in SMU may allow for the caller to obtain and manipulate the address of a message port register which may result in a potential denial of service." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ] }, "source": { "advisory": "AMD-SB-1028", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26350", "datePublished": "2022-05-11T16:16:40.882207Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T21:07:55.195Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26352
Vulnerability from cvelistv5
Published
2022-05-10 18:26
Modified
2024-09-16 16:58
Severity ?
EPSS score ?
Summary
Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:24.497Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T17:15:01", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26352", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26352", "datePublished": "2022-05-10T18:26:07.477969Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T16:58:20.622Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26369
Vulnerability from cvelistv5
Published
2022-05-12 17:07
Modified
2024-09-16 19:51
Severity ?
EPSS score ?
Summary
A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:24.431Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T17:07:32", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26369", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26369", "datePublished": "2022-05-12T17:07:32.274198Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T19:51:13.979Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26373
Vulnerability from cvelistv5
Published
2022-05-11 16:27
Modified
2024-09-16 16:32
Severity ?
EPSS score ?
Summary
Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC | |
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | EPYC™ Processors |
Version: various |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:24.768Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-11T16:27:13", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "source": { "advisory": "AMD-SB-1027 and AMD-SB-1028", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26373", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "EPYC\u2122 Processors", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ] }, "source": { "advisory": "AMD-SB-1027 and AMD-SB-1028", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26373", "datePublished": "2022-05-11T16:27:13.373606Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T16:32:39.034Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-33123
Vulnerability from cvelistv5
Published
2022-05-12 16:36
Modified
2024-08-03 23:42
Severity ?
EPSS score ?
Summary
Improper access control in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.
References
▼ | URL | Tags |
---|---|---|
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220818-0003/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Intel(R) Processors |
Version: See references |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:42:19.860Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220818-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Intel(R) Processors", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper access control in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access." } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-18T14:08:39", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220818-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "ID": "CVE-2021-33123", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Intel(R) Processors", "version": { "version_data": [ { "version_value": "See references" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Improper access control in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "escalation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html", "refsource": "MISC", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html" }, { "name": "https://security.netapp.com/advisory/ntap-20220818-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220818-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2021-33123", "datePublished": "2022-05-12T16:36:08", "dateReserved": "2021-05-18T00:00:00", "dateUpdated": "2024-08-03T23:42:19.860Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-33124
Vulnerability from cvelistv5
Published
2022-05-12 16:36
Modified
2024-08-03 23:42
Severity ?
EPSS score ?
Summary
Out-of-bounds write in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.
References
▼ | URL | Tags |
---|---|---|
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220818-0003/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Intel(R) Processors |
Version: See references |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:42:19.981Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220818-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Intel(R) Processors", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Out-of-bounds write in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access." } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-18T14:08:28", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220818-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "ID": "CVE-2021-33124", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Intel(R) Processors", "version": { "version_data": [ { "version_value": "See references" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Out-of-bounds write in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "escalation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html", "refsource": "MISC", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html" }, { "name": "https://security.netapp.com/advisory/ntap-20220818-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220818-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2021-33124", "datePublished": "2022-05-12T16:36:11", "dateReserved": "2021-05-18T00:00:00", "dateUpdated": "2024-08-03T23:42:19.981Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26362
Vulnerability from cvelistv5
Published
2022-05-12 17:43
Modified
2024-09-16 19:41
Severity ?
EPSS score ?
Summary
A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call which results in mapping sensitive System Management Network (SMN) registers leading to a loss of integrity and availability.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:24.904Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call which results in mapping sensitive System Management Network (SMN) registers leading to a loss of integrity and availability." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T17:43:15", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26362", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call which results in mapping sensitive System Management Network (SMN) registers leading to a loss of integrity and availability." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26362", "datePublished": "2022-05-12T17:43:15.598731Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T19:41:16.010Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26364
Vulnerability from cvelistv5
Published
2022-05-11 16:25
Modified
2024-09-16 20:42
Severity ?
EPSS score ?
Summary
Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential denial of service.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | AMD | EPYC™ Processors |
Version: various |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:25.041Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-11T16:25:26", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "source": { "advisory": "AMD-SB-1028", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26364", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "EPYC\u2122 Processors", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential denial of service." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ] }, "source": { "advisory": "AMD-SB-1028", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26364", "datePublished": "2022-05-11T16:25:26.746976Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T20:42:13.106Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26378
Vulnerability from cvelistv5
Published
2022-05-11 16:23
Modified
2024-09-16 20:22
Severity ?
EPSS score ?
Summary
Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC | |
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | EPYC™ Processors |
Version: various |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:24.909Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-11T16:23:26", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "source": { "advisory": "AMD-SB-1027 and AMD-SB-1028", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26378", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "EPYC\u2122 Processors", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ] }, "source": { "advisory": "AMD-SB-1027 and AMD-SB-1028", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26378", "datePublished": "2022-05-11T16:23:26.758045Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T20:22:35.208Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20558
Vulnerability from cvelistv5
Published
2023-03-23 18:50
Modified
2024-08-02 09:05
Severity ?
EPSS score ?
Summary
Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ 2000 Series |
Version: various |
||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:05:36.894Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "x86" ], "product": "Ryzen\u2122 2000 Series ", "vendor": " AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series", "vendor": " AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "platforms": [ "x86" ], "product": "Ryzen\u2122 4000 Series", "vendor": " AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "platforms": [ "x86" ], "product": "2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processor", "vendor": "AMD", "versions": [ { "status": "affected", "version": "Various " } ] }, { "defaultStatus": "unaffected", "platforms": [ "x86" ], "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "platforms": [ "x86" ], "product": " Ryzen\u2122 Threadripper\u2122 PRO Processor", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2023-03-23T18:33:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eInsufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.\u003c/span\u003e\n\n" } ], "value": "\nInsufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.\n\n" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-02T18:49:20.069507Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html" } ], "source": { "advisory": "amd-sb-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2023-20558", "datePublished": "2023-03-23T18:50:11.488Z", "dateReserved": "2022-10-27T18:53:39.746Z", "dateUpdated": "2024-08-02T09:05:36.894Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-0153
Vulnerability from cvelistv5
Published
2022-05-12 16:36
Modified
2024-08-03 15:32
Severity ?
EPSS score ?
Summary
Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.
References
▼ | URL | Tags |
---|---|---|
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220818-0003/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Intel(R) Processors |
Version: See references |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:32:09.635Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220818-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Intel(R) Processors", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access." } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-18T14:08:02", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220818-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "ID": "CVE-2021-0153", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Intel(R) Processors", "version": { "version_data": [ { "version_value": "See references" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "escalation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html", "refsource": "MISC", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html" }, { "name": "https://security.netapp.com/advisory/ntap-20220818-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220818-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2021-0153", "datePublished": "2022-05-12T16:36:07", "dateReserved": "2020-10-22T00:00:00", "dateUpdated": "2024-08-03T15:32:09.635Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-39298
Vulnerability from cvelistv5
Published
2022-02-16 16:38
Modified
2024-08-04 02:06
Severity ?
EPSS score ?
Summary
A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provided in the UEFI firmware.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | 2nd Gen EPYC |
Version: Various |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T02:06:42.610Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032" }, { "tags": [ "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "2nd Gen EPYC", "vendor": "AMD", "versions": [ { "status": "affected", "version": "Various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "3rd Gen EPYC", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen 2000 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen 3000 Series ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "Various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen 5000 Series ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] } ], "datePublic": "2023-01-10T17:30:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provided in the UEFI firmware.\u003cbr\u003e\u003cbr\u003e" } ], "value": "A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provided in the UEFI firmware.\n\n" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-11T07:01:59.843980Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032" }, { "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1027" } ], "source": { "advisory": "AMD-SB-1032", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-39298", "datePublished": "2022-02-16T16:38:10.726517Z", "dateReserved": "2021-08-19T00:00:00", "dateUpdated": "2024-08-04T02:06:42.610Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26349
Vulnerability from cvelistv5
Published
2022-05-11 16:24
Modified
2024-09-17 01:05
Severity ?
EPSS score ?
Summary
Failure to assign a new report ID to an imported guest may potentially result in an SEV-SNP guest VM being tricked into trusting a dishonest Migration Agent (MA).
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | AMD | EPYC™ Processors |
Version: various |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:25.008Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Failure to assign a new report ID to an imported guest may potentially result in an SEV-SNP guest VM being tricked into trusting a dishonest Migration Agent (MA)." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-11T16:24:22", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "source": { "advisory": "AMD-SB-1028", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26349", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "EPYC\u2122 Processors", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Failure to assign a new report ID to an imported guest may potentially result in an SEV-SNP guest VM being tricked into trusting a dishonest Migration Agent (MA)." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ] }, "source": { "advisory": "AMD-SB-1028", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26349", "datePublished": "2022-05-11T16:24:22.957466Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-17T01:05:40.403Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26342
Vulnerability from cvelistv5
Published
2022-05-11 16:21
Modified
2024-09-16 16:32
Severity ?
EPSS score ?
Summary
In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations that includes creation of a new virtual machine control block (VMCB). The failure to flush the TLB may cause the microcode to use stale TLB translations which may allow for disclosure of SEV guest memory contents. Users of SEV-ES/SEV-SNP guest VMs are not impacted by this vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | AMD | EPYC™ Processors |
Version: various |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:24.602Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations that includes creation of a new virtual machine control block (VMCB). The failure to flush the TLB may cause the microcode to use stale TLB translations which may allow for disclosure of SEV guest memory contents. Users of SEV-ES/SEV-SNP guest VMs are not impacted by this vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-11T16:21:04", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "source": { "advisory": "AMD-SB-1028", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26342", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "EPYC\u2122 Processors", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations that includes creation of a new virtual machine control block (VMCB). The failure to flush the TLB may cause the microcode to use stale TLB translations which may allow for disclosure of SEV guest memory contents. Users of SEV-ES/SEV-SNP guest VMs are not impacted by this vulnerability." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ] }, "source": { "advisory": "AMD-SB-1028", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26342", "datePublished": "2022-05-11T16:21:04.403325Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T16:32:42.078Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26351
Vulnerability from cvelistv5
Published
2022-05-12 17:18
Modified
2024-09-16 22:41
Severity ?
EPSS score ?
Summary
Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:24.483Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T17:18:51", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26351", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26351", "datePublished": "2022-05-12T17:18:51.729866Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T22:41:24.903Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26339
Vulnerability from cvelistv5
Published
2022-05-11 16:18
Modified
2024-09-17 01:56
Severity ?
EPSS score ?
Summary
A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by compilers.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC | |
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | EPYC™ Processors |
Version: various |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:23.938Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "A bug in AMD CPU\u2019s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by compilers." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-11T16:18:02", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "source": { "advisory": "AMD-SB-1027 and AMD-SB-1028", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26339", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "EPYC\u2122 Processors", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A bug in AMD CPU\u2019s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by compilers." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ] }, "source": { "advisory": "AMD-SB-1027 and AMD-SB-1028", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26339", "datePublished": "2022-05-11T16:18:02.079030Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-17T01:56:55.986Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26368
Vulnerability from cvelistv5
Published
2022-05-12 18:22
Modified
2024-09-16 22:09
Severity ?
EPSS score ?
Summary
Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in a denial of service.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:25.027Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in a denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T18:22:27", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26368", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in a denial of service." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26368", "datePublished": "2022-05-12T18:22:27.719737Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T22:09:04.185Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26376
Vulnerability from cvelistv5
Published
2022-05-11 16:28
Modified
2024-09-16 17:58
Severity ?
EPSS score ?
Summary
Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC | |
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | EPYC™ Processors |
Version: various |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:25.469Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-11T16:28:09", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "source": { "advisory": "AMD-SB-1027 and AMD-SB-1028", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26376", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "EPYC\u2122 Processors", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ] }, "source": { "advisory": "AMD-SB-1027 and AMD-SB-1028", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26376", "datePublished": "2022-05-11T16:28:09.769017Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T17:58:27.535Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26384
Vulnerability from cvelistv5
Published
2022-07-14 19:28
Modified
2024-09-16 23:15
Severity ?
EPSS score ?
Summary
A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:25.316Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-14T19:28:56", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26384", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26384", "datePublished": "2022-07-14T19:28:56.918810Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T23:15:36.383Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-0188
Vulnerability from cvelistv5
Published
2022-05-12 16:36
Modified
2024-08-03 15:32
Severity ?
EPSS score ?
Summary
Return of pointer value outside of expected range in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.
References
▼ | URL | Tags |
---|---|---|
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220818-0003/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Intel(R) Processors |
Version: See references |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:32:10.033Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220818-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Intel(R) Processors", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Return of pointer value outside of expected range in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access." } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-18T14:08:13", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220818-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "ID": "CVE-2021-0188", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Intel(R) Processors", "version": { "version_data": [ { "version_value": "See references" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Return of pointer value outside of expected range in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "escalation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html", "refsource": "MISC", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html" }, { "name": "https://security.netapp.com/advisory/ntap-20220818-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220818-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2021-0188", "datePublished": "2022-05-12T16:36:14", "dateReserved": "2020-10-22T00:00:00", "dateUpdated": "2024-08-03T15:32:10.033Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-33103
Vulnerability from cvelistv5
Published
2022-05-12 16:36
Modified
2024-08-03 23:42
Severity ?
EPSS score ?
Summary
Unintended intermediary in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.
References
▼ | URL | Tags |
---|---|---|
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220818-0003/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Intel(R) Processors |
Version: See references |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:42:19.613Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220818-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Intel(R) Processors", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Unintended intermediary in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access." } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-18T14:07:12", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220818-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "ID": "CVE-2021-33103", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Intel(R) Processors", "version": { "version_data": [ { "version_value": "See references" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unintended intermediary in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "escalation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html", "refsource": "MISC", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html" }, { "name": "https://security.netapp.com/advisory/ntap-20220818-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220818-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2021-33103", "datePublished": "2022-05-12T16:36:12", "dateReserved": "2021-05-18T00:00:00", "dateUpdated": "2024-08-03T23:42:19.613Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26390
Vulnerability from cvelistv5
Published
2022-05-10 18:24
Modified
2024-09-16 23:11
Severity ?
EPSS score ?
Summary
A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory potentially leading to loss of integrity of data.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:25.332Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory potentially leading to loss of integrity of data." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T17:12:33", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26390", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory potentially leading to loss of integrity of data." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26390", "datePublished": "2022-05-10T18:24:25.459441Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T23:11:12.188Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26386
Vulnerability from cvelistv5
Published
2022-05-12 18:28
Modified
2024-09-16 17:53
Severity ?
EPSS score ?
Summary
A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:25.370Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T18:28:38", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26386", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26386", "datePublished": "2022-05-12T18:28:38.025992Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T17:53:15.058Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12931
Vulnerability from cvelistv5
Published
2022-11-09 20:44
Modified
2024-09-17 00:56
Severity ?
EPSS score ?
Summary
Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | AMD Radeon RX 5000 Series & PRO W5000 Series |
Version: AMD Radeon Software < 22.5.2 Version: AMD Radeon Pro Software Enterprise < 22.Q2 Version: Enterprise Driver < 22.10.20 |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:11:18.233Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029" }, { "tags": [ "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series", "vendor": "AMD", "versions": [ { "lessThan": "22.5.2", "status": "affected", "version": "AMD Radeon Software", "versionType": "custom" }, { "lessThan": "22.Q2", "status": "affected", "version": "AMD Radeon Pro Software Enterprise", "versionType": "custom" }, { "lessThan": "22.10.20", "status": "affected", "version": "Enterprise Driver", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "AMD Ryzen(TM) Embedded R1000", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "product": "AMD Ryzen(TM) Embedded R2000", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "product": "AMD Ryzen(TM) Embedded 5000", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "product": "AMD Ryzen(TM) Embedded V1000", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-11-08T05:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eImproper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.\u003c/p\u003e" } ], "value": "Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity." } ], "providerMetadata": { "dateUpdated": "2024-02-13T19:20:36.423Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029" }, { "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001" } ], "source": { "advisory": "AMD-SB-1029, AMD-SB-5001", "discovery": "EXTERNAL" }, "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2020-12931", "datePublished": "2022-11-09T20:44:24.974055Z", "dateReserved": "2020-05-15T00:00:00", "dateUpdated": "2024-09-17T00:56:08.624Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26347
Vulnerability from cvelistv5
Published
2022-05-11 16:22
Modified
2024-08-03 20:26
Severity ?
EPSS score ?
Summary
Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | AMD | Ryzen 5000 Series |
Version: various |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:25.052Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen 5000 Series", "vendor": " AMD", "versions": [ { "status": "affected", "version": "various " } ] } ], "datePublic": "2023-01-10T17:30:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service." } ], "value": "Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-11T07:01:59.843980Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031" } ], "source": { "advisory": "AMD-SB-1031", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26347", "datePublished": "2022-05-11T16:22:09.774768Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-08-03T20:26:25.052Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26363
Vulnerability from cvelistv5
Published
2022-05-12 18:39
Modified
2024-09-17 02:21
Severity ?
EPSS score ?
Summary
A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:24.452Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T18:39:33", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26363", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26363", "datePublished": "2022-05-12T18:39:33.159439Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-17T02:21:07.904Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26375
Vulnerability from cvelistv5
Published
2022-05-11 16:20
Modified
2024-09-17 03:43
Severity ?
EPSS score ?
Summary
Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC | |
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | EPYC™ Processors |
Version: various |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:25.284Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-11T16:20:03", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "source": { "advisory": "AMD-SB-1027 and AMD-SB-1028", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26375", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "EPYC\u2122 Processors", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ] }, "source": { "advisory": "AMD-SB-1027 and AMD-SB-1028", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26375", "datePublished": "2022-05-11T16:20:03.207552Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-17T03:43:15.285Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-0155
Vulnerability from cvelistv5
Published
2022-05-12 16:36
Modified
2024-08-03 15:32
Severity ?
EPSS score ?
Summary
Unchecked return value in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.
References
▼ | URL | Tags |
---|---|---|
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220818-0003/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Intel(R) Processors |
Version: See references |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:32:09.561Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220818-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Intel(R) Processors", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Unchecked return value in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access." } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-18T14:07:30", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220818-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "ID": "CVE-2021-0155", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Intel(R) Processors", "version": { "version_data": [ { "version_value": "See references" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unchecked return value in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html", "refsource": "MISC", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html" }, { "name": "https://security.netapp.com/advisory/ntap-20220818-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220818-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2021-0155", "datePublished": "2022-05-12T16:36:15", "dateReserved": "2020-10-22T00:00:00", "dateUpdated": "2024-08-03T15:32:09.561Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26335
Vulnerability from cvelistv5
Published
2021-11-16 18:08
Modified
2024-09-16 18:24
Severity ?
EPSS score ?
Summary
Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to use attacker-controlled values prior to signature validation potentially resulting in arbitrary code execution.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:23.907Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to use attacker-controlled values prior to signature validation potentially resulting in arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T17:25:06", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26335", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to use attacker-controlled values prior to signature validation potentially resulting in arbitrary code execution." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26335", "datePublished": "2021-11-16T18:08:39.387145Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T18:24:42.318Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-21151
Vulnerability from cvelistv5
Published
2022-05-12 16:36
Modified
2024-08-03 02:31
Severity ?
EPSS score ?
Summary
Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
References
▼ | URL | Tags |
---|---|---|
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00617.html | x_refsource_MISC | |
https://www.debian.org/security/2022/dsa-5178 | vendor-advisory, x_refsource_DEBIAN | |
https://security.netapp.com/advisory/ntap-20220826-0003/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Intel(R) Processors |
Version: See references |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:31:58.641Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00617.html" }, { "name": "DSA-5178", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5178" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220826-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Intel(R) Processors", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access." } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-26T14:06:31", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00617.html" }, { "name": "DSA-5178", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5178" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220826-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "ID": "CVE-2022-21151", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Intel(R) Processors", "version": { "version_data": [ { "version_value": "See references" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00617.html", "refsource": "MISC", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00617.html" }, { "name": "DSA-5178", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5178" }, { "name": "https://security.netapp.com/advisory/ntap-20220826-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220826-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-21151", "datePublished": "2022-05-12T16:36:06", "dateReserved": "2021-11-15T00:00:00", "dateUpdated": "2024-08-03T02:31:58.641Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26372
Vulnerability from cvelistv5
Published
2022-05-11 16:18
Modified
2024-09-16 19:15
Severity ?
EPSS score ?
Summary
Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC | |
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | EPYC™ Processors |
Version: various |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:25.279Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-11T16:18:58", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "source": { "advisory": "AMD-SB-1027 and AMD-SB-1028", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26372", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "EPYC\u2122 Processors", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ] }, "source": { "advisory": "AMD-SB-1027 and AMD-SB-1028", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26372", "datePublished": "2022-05-11T16:18:58.798210Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T19:15:19.878Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20559
Vulnerability from cvelistv5
Published
2023-03-23 18:49
Modified
2024-08-02 09:05
Severity ?
EPSS score ?
Summary
Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ 2000 Series |
Version: various |
||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:05:36.254Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "x86" ], "product": "Ryzen\u2122 2000 Series ", "vendor": " AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series", "vendor": " AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "platforms": [ "x86" ], "product": "Ryzen\u2122 4000 Series", "vendor": " AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "platforms": [ "x86" ], "product": "2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processor", "vendor": "AMD", "versions": [ { "status": "affected", "version": "Various " } ] }, { "defaultStatus": "unaffected", "platforms": [ "x86" ], "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "platforms": [ "x86" ], "product": " Ryzen\u2122 Threadripper\u2122 PRO Processor", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2023-03-23T18:33:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eInsufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.\u003c/span\u003e\n\n\u003c/span\u003e\n\n" } ], "value": "\n\n\nInsufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.\n\n\n\n" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-02T18:49:20.069507Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html" } ], "source": { "advisory": "amd-sb-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2023-20559", "datePublished": "2023-03-23T18:49:41.533Z", "dateReserved": "2022-10-27T18:53:39.746Z", "dateUpdated": "2024-08-02T09:05:36.254Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12944
Vulnerability from cvelistv5
Published
2021-11-16 18:17
Modified
2024-09-16 17:04
Severity ?
EPSS score ?
Summary
Insufficient validation of BIOS image length by ASP Firmware could lead to arbitrary code execution.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:11:18.939Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Insufficient validation of BIOS image length by ASP Firmware could lead to arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-11T15:27:11", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2020-12944", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient validation of BIOS image length by ASP Firmware could lead to arbitrary code execution." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2020-12944", "datePublished": "2021-11-16T18:17:24.768272Z", "dateReserved": "2020-05-15T00:00:00", "dateUpdated": "2024-09-16T17:04:09.696Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26348
Vulnerability from cvelistv5
Published
2022-05-11 16:26
Modified
2024-09-16 16:27
Severity ?
EPSS score ?
Summary
Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | AMD | EPYC™ Processors |
Version: various |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:24.674Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-11T16:26:16", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "source": { "advisory": "AMD-SB-1028", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26348", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "EPYC\u2122 Processors", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ] }, "source": { "advisory": "AMD-SB-1028", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26348", "datePublished": "2022-05-11T16:26:16.451702Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T16:27:57.232Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-0189
Vulnerability from cvelistv5
Published
2022-05-12 16:36
Modified
2024-08-03 15:32
Severity ?
EPSS score ?
Summary
Use of out-of-range pointer offset in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.
References
▼ | URL | Tags |
---|---|---|
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220818-0003/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Intel(R) Processors |
Version: See references |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:32:09.779Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220818-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Intel(R) Processors", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Use of out-of-range pointer offset in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access." } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-18T14:07:33", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220818-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "ID": "CVE-2021-0189", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Intel(R) Processors", "version": { "version_data": [ { "version_value": "See references" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Use of out-of-range pointer offset in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "escalation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html", "refsource": "MISC", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html" }, { "name": "https://security.netapp.com/advisory/ntap-20220818-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220818-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2021-0189", "datePublished": "2022-05-12T16:36:11", "dateReserved": "2020-10-22T00:00:00", "dateUpdated": "2024-08-03T15:32:09.779Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26312
Vulnerability from cvelistv5
Published
2021-11-16 17:55
Modified
2024-09-16 17:54
Severity ?
EPSS score ?
Summary
Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC | |
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | EPYC™ Processors |
Version: various |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:19:20.142Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-665", "description": "CWE-665 Improper Initialization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-11T16:30:46", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "source": { "advisory": "AMD-SB-1027 and AMD-SB-1028", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26312", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "EPYC\u2122 Processors", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-665 Improper Initialization" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ] }, "source": { "advisory": "AMD-SB-1027 and AMD-SB-1028", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26312", "datePublished": "2021-11-16T17:55:24.198997Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T17:54:14.669Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26337
Vulnerability from cvelistv5
Published
2021-11-16 18:24
Modified
2024-09-17 03:49
Severity ?
EPSS score ?
Summary
Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:23.926Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T17:42:04", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26337", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26337", "datePublished": "2021-11-16T18:24:01.483891Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-17T03:49:09.083Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12946
Vulnerability from cvelistv5
Published
2021-11-16 18:01
Modified
2024-09-17 00:55
Severity ?
EPSS score ?
Summary
Insufficient input validation in ASP firmware for discrete TPM commands could allow a potential loss of integrity and denial of service.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:11:18.980Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Insufficient input validation in ASP firmware for discrete TPM commands could allow a potential loss of integrity and denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T17:29:08", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2020-12946", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient input validation in ASP firmware for discrete TPM commands could allow a potential loss of integrity and denial of service." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2020-12946", "datePublished": "2021-11-16T18:01:28.187239Z", "dateReserved": "2020-05-15T00:00:00", "dateUpdated": "2024-09-17T00:55:32.489Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-0154
Vulnerability from cvelistv5
Published
2022-05-12 16:36
Modified
2024-08-03 15:32
Severity ?
EPSS score ?
Summary
Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.
References
▼ | URL | Tags |
---|---|---|
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220818-0003/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Intel(R) Processors |
Version: See references |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:32:09.242Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220818-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Intel(R) Processors", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access." } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-18T14:07:46", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220818-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "ID": "CVE-2021-0154", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Intel(R) Processors", "version": { "version_data": [ { "version_value": "See references" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "escalation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html", "refsource": "MISC", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html" }, { "name": "https://security.netapp.com/advisory/ntap-20220818-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220818-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2021-0154", "datePublished": "2022-05-12T16:36:07", "dateReserved": "2020-10-22T00:00:00", "dateUpdated": "2024-08-03T15:32:09.242Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26361
Vulnerability from cvelistv5
Published
2022-05-12 17:46
Modified
2024-09-17 01:06
Severity ?
EPSS score ?
Summary
A malicious or compromised User Application (UApp) or AGESA Boot Loader (ABL) could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:24.531Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "A malicious or compromised User Application (UApp) or AGESA Boot Loader (ABL) could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T17:46:01", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26361", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A malicious or compromised User Application (UApp) or AGESA Boot Loader (ABL) could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26361", "datePublished": "2022-05-12T17:46:01.990877Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-17T01:06:56.408Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26336
Vulnerability from cvelistv5
Published
2021-11-16 18:04
Modified
2024-09-16 17:33
Severity ?
EPSS score ?
Summary
Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:23.912Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T17:44:49", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26336", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26336", "datePublished": "2021-11-16T18:04:08.054768Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T17:33:06.189Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.