Action not permitted
Modal body text goes here.
Modal Title
Modal Body
WID-SEC-W-2023-2916
Vulnerability from csaf_certbund
Published
2023-11-14 23:00
Modified
2024-12-15 23:00
Summary
AMD Prozessor: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Prozessoren sind die zentralen Rechenwerke eines Computers.
Angriff
Ein lokaler Angreifer kann mehrere Schwachstellen in AMD Prozessor ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren, vertrauliche Informationen offenzulegen oder seine Privilegien zu erweitern.
Betroffene Betriebssysteme
- BIOS/Firmware
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Prozessoren sind die zentralen Rechenwerke eines Computers.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein lokaler Angreifer kann mehrere Schwachstellen in AMD Prozessor ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren, vertrauliche Informationen offenzulegen oder seine Privilegien zu erweitern.", title: "Angriff", }, { category: "general", text: "- BIOS/Firmware", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2916 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2916.json", }, { category: "self", summary: "WID-SEC-2023-2916 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2916", }, { category: "external", summary: "AMD Security Bulletin vom 2023-11-14", url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3002.html", }, { category: "external", summary: "AMD Security Bulletin vom 2023-11-14", url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4002.html", }, { category: "external", summary: "AMD Security Bulletin vom 2023-11-14", url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3005.html", }, { category: "external", summary: "AMD Security Bulletin vom 2023-11-14", url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7011.html", }, { category: "external", summary: "Lenovo Multi-vendor BIOS Security Vulnerabilities", url: "https://support.lenovo.com/de/de/product_security/ps500589-multi-vendor-bios-security-vulnerabilities-november-2023", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:4654-1 vom 2023-12-06", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017285.html", }, { category: "external", summary: "Dell Security Advisory DSA-2023-442 vom 2023-12-07", url: "https://www.dell.com/support/kbdoc/000220057/dsa-2023-=", }, { category: "external", summary: "Dell Security Advisory DSA-2023-457 vom 2023-12-07", url: "https://www.dell.com/support/kbdoc/000220223/dsa-2023-=", }, { category: "external", summary: "Dell Security Advisory DSA-2023-441 vom 2023-12-07", url: "https://www.dell.com/support/kbdoc/000220054/dsa-2023-=", }, { category: "external", summary: "HP Security Bulletin HPSBHF03893 vom 2023-12-08", url: "https://support.hp.com/us-en/document/ish_9799938-9799975-16/HPSBHF03893", }, { category: "external", summary: "Dell Security Advisory DSA-2023-386 vom 2023-12-13", url: "https://www.dell.com/support/kbdoc/000218423/dsa-2023-=", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:4665-1 vom 2023-12-14", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017397.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:4655-1 vom 2023-12-14", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017401.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:4664-1 vom 2023-12-14", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017396.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:4660-1 vom 2023-12-14", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017402.html", }, { category: "external", summary: "HP Security Bulletin HPSBHF03892 vom 2024-01-08", url: "https://support.hp.com/us-en/document/ish_9925738-9925742-16/HPSBHF03892", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:0753 vom 2024-02-08", url: "https://access.redhat.com/errata/RHSA-2024:0753", }, { category: "external", summary: "AMD Security Bulletin", url: "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5001.html", }, { category: "external", summary: "CentOS Security Advisory CESA-2024:0753 vom 2024-02-20", url: "https://lists.centos.org/pipermail/centos-announce/2024-February/099225.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:0979 vom 2024-02-26", url: "https://access.redhat.com/errata/RHSA-2024:0979", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:0978 vom 2024-02-26", url: "https://access.redhat.com/errata/RHSA-2024:0978", }, { category: "external", summary: "RedHat Security Advisory", url: "https://access.redhat.com/errata/RHSA-2024:1112", }, { category: "external", summary: "Dell Security Advisory DSA-2023-332 vom 2024-05-01", url: "https://www.dell.com/support/kbdoc/000217573/dsa-2023-=", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3178 vom 2024-05-22", url: "https://access.redhat.com/errata/RHSA-2024:3178", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-3178 vom 2024-05-28", url: "https://linux.oracle.com/errata/ELSA-2024-3178.html", }, { category: "external", summary: "HPE SECURITY BULLETIN HPESBCR04657 vom 2024-06-27", url: "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbcr04657en_us&docLocale=en_US", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:2376-1 vom 2024-07-09", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018914.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4575 vom 2024-07-17", url: "https://access.redhat.com/errata/RHSA-2024:4575", }, { category: "external", summary: "IBM Security Bulletin 7173420 vom 2024-10-17", url: "https://www.ibm.com/support/pages/node/7173420", }, { category: "external", summary: "IBM Security Bulletin 7178944 vom 2024-12-14", url: "https://www.ibm.com/support/pages/node/7178944", }, ], source_lang: "en-US", title: "AMD Prozessor: Mehrere Schwachstellen", tracking: { current_release_date: "2024-12-15T23:00:00.000+00:00", generator: { date: "2024-12-16T09:17:43.897+00:00", engine: { name: "BSI-WID", version: "1.3.10", }, }, id: "WID-SEC-W-2023-2916", initial_release_date: "2023-11-14T23:00:00.000+00:00", revision_history: [ { date: "2023-11-14T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-12-06T23:00:00.000+00:00", number: "2", summary: "Neue Updates von SUSE und Dell aufgenommen", }, { date: "2023-12-07T23:00:00.000+00:00", number: "3", summary: "Neue Updates von HP aufgenommen", }, { date: "2023-12-12T23:00:00.000+00:00", number: "4", summary: "Neue Updates von Dell aufgenommen", }, { date: "2023-12-14T23:00:00.000+00:00", number: "5", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-01-07T23:00:00.000+00:00", number: "6", summary: "Neue Updates von HP aufgenommen", }, { date: "2024-02-08T23:00:00.000+00:00", number: "7", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-02-13T23:00:00.000+00:00", number: "8", summary: "Neue Updates von AMD aufgenommen", }, { date: "2024-02-20T23:00:00.000+00:00", number: "9", summary: "Neue Updates von CentOS aufgenommen", }, { date: "2024-02-25T23:00:00.000+00:00", number: "10", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-03-05T23:00:00.000+00:00", number: "11", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-01T22:00:00.000+00:00", number: "12", summary: "Neue Updates von Dell aufgenommen", }, { date: "2024-05-21T22:00:00.000+00:00", number: "13", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-28T22:00:00.000+00:00", number: "14", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2024-06-27T22:00:00.000+00:00", number: "15", summary: "Neue Updates von HP aufgenommen", }, { date: "2024-07-09T22:00:00.000+00:00", number: "16", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-07-16T22:00:00.000+00:00", number: "17", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-10-17T22:00:00.000+00:00", number: "18", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-12-15T23:00:00.000+00:00", number: "19", summary: "Neue Updates von IBM aufgenommen", }, ], status: "final", version: "19", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "AMD Prozessor", product: { name: "AMD Prozessor", product_id: "T029010", product_identification_helper: { cpe: "cpe:/h:amd:amd_processor:-", }, }, }, { category: "product_name", name: "AMD Prozessor", product: { name: "AMD Prozessor", product_id: "T031175", product_identification_helper: { cpe: "cpe:/h:amd:amd_processor:-", }, }, }, ], category: "product_name", name: "Prozessor", }, ], category: "vendor", name: "AMD", }, { branches: [ { branches: [ { category: "product_name", name: "Dell BIOS", product: { name: "Dell BIOS", product_id: "T029364", product_identification_helper: { cpe: "cpe:/h:dell:bios:-", }, }, }, { category: "product_name", name: "Dell BIOS", product: { name: "Dell BIOS", product_id: "T032778", product_identification_helper: { cpe: "cpe:/h:dell:bios:-", }, }, }, ], category: "product_name", name: "BIOS", }, { category: "product_name", name: "Dell Computer", product: { name: "Dell Computer", product_id: "T006498", product_identification_helper: { cpe: "cpe:/o:dell:dell_computer:-", }, }, }, ], category: "vendor", name: "Dell", }, { branches: [ { branches: [ { category: "product_name", name: "HP Computer", product: { name: "HP Computer", product_id: "T023191", product_identification_helper: { cpe: "cpe:/h:hp:computer:-", }, }, }, { category: "product_name", name: "HP Computer", product: { name: "HP Computer", product_id: "T031292", product_identification_helper: { cpe: "cpe:/h:hp:computer:-", }, }, }, ], category: "product_name", name: "Computer", }, ], category: "vendor", name: "HP", }, { branches: [ { category: "product_name", name: "HPE ProLiant", product: { name: "HPE ProLiant", product_id: "T009310", product_identification_helper: { cpe: "cpe:/h:hp:proliant:-", }, }, }, ], category: "vendor", name: "HPE", }, { branches: [ { branches: [ { category: "product_version", name: "V10", product: { name: "IBM Power Hardware Management Console V10", product_id: "T023373", product_identification_helper: { cpe: "cpe:/a:ibm:hardware_management_console:v10", }, }, }, ], category: "product_name", name: "Power Hardware Management Console", }, ], category: "vendor", name: "IBM", }, { branches: [ { category: "product_name", name: "Lenovo BIOS", product: { name: "Lenovo BIOS", product_id: "T005651", product_identification_helper: { cpe: "cpe:/h:lenovo:bios:-", }, }, }, { category: "product_name", name: "Lenovo Computer", product: { name: "Lenovo Computer", product_id: "T030470", product_identification_helper: { cpe: "cpe:/h:lenovo:computer:-", }, }, }, ], category: "vendor", name: "Lenovo", }, { branches: [ { category: "product_name", name: "Open Source CentOS", product: { name: "Open Source CentOS", product_id: "1727", product_identification_helper: { cpe: "cpe:/o:centos:centos:-", }, }, }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "Oracle Linux", product: { name: "Oracle Linux", product_id: "T004914", product_identification_helper: { cpe: "cpe:/o:oracle:linux:-", }, }, }, ], category: "vendor", name: "Oracle", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, ], }, vulnerabilities: [ { cve: "CVE-2021-26345", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in AMD Prozessor. Diese Fehler bestehen im AMD Secure Processor (ASP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV), AMD Secure Encrypted Virtualization - Secure Nested Paging (SEV-SNP) und anderen Plattformkomponenten aufgrund verschiedener Sicherheitsprobleme wie einer unzureichenden Eingabevalidierung, einem \"Use-After-Free\", einer unsachgemäßen Adressvalidierung und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren, vertrauliche Informationen offenzulegen oder seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T005651", "T006498", "T023191", "T029364", "T029010", "67646", "T032778", "T031292", "T004914", "T031175", "T030470", "T002207", "1727", "T009310", "T023373", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2021-26345", }, { cve: "CVE-2021-46758", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in AMD Prozessor. Diese Fehler bestehen im AMD Secure Processor (ASP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV), AMD Secure Encrypted Virtualization - Secure Nested Paging (SEV-SNP) und anderen Plattformkomponenten aufgrund verschiedener Sicherheitsprobleme wie einer unzureichenden Eingabevalidierung, einem \"Use-After-Free\", einer unsachgemäßen Adressvalidierung und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren, vertrauliche Informationen offenzulegen oder seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T005651", "T006498", "T023191", "T029364", "T029010", "67646", "T032778", "T031292", "T004914", "T031175", "T030470", "T002207", "1727", "T009310", "T023373", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2021-46758", }, { cve: "CVE-2021-46766", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in AMD Prozessor. Diese Fehler bestehen im AMD Secure Processor (ASP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV), AMD Secure Encrypted Virtualization - Secure Nested Paging (SEV-SNP) und anderen Plattformkomponenten aufgrund verschiedener Sicherheitsprobleme wie einer unzureichenden Eingabevalidierung, einem \"Use-After-Free\", einer unsachgemäßen Adressvalidierung und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren, vertrauliche Informationen offenzulegen oder seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T005651", "T006498", "T023191", "T029364", "T029010", "67646", "T032778", "T031292", "T004914", "T031175", "T030470", "T002207", "1727", "T009310", "T023373", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2021-46766", }, { cve: "CVE-2021-46774", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in AMD Prozessor. Diese Fehler bestehen im AMD Secure Processor (ASP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV), AMD Secure Encrypted Virtualization - Secure Nested Paging (SEV-SNP) und anderen Plattformkomponenten aufgrund verschiedener Sicherheitsprobleme wie einer unzureichenden Eingabevalidierung, einem \"Use-After-Free\", einer unsachgemäßen Adressvalidierung und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren, vertrauliche Informationen offenzulegen oder seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T005651", "T006498", "T023191", "T029364", "T029010", "67646", "T032778", "T031292", "T004914", "T031175", "T030470", "T002207", "1727", "T009310", "T023373", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2021-46774", }, { cve: "CVE-2022-23820", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in AMD Prozessor. Diese Fehler bestehen im AMD Secure Processor (ASP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV), AMD Secure Encrypted Virtualization - Secure Nested Paging (SEV-SNP) und anderen Plattformkomponenten aufgrund verschiedener Sicherheitsprobleme wie einer unzureichenden Eingabevalidierung, einem \"Use-After-Free\", einer unsachgemäßen Adressvalidierung und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren, vertrauliche Informationen offenzulegen oder seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T005651", "T006498", "T023191", "T029364", "T029010", "67646", "T032778", "T031292", "T004914", "T031175", "T030470", "T002207", "1727", "T009310", "T023373", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2022-23820", }, { cve: "CVE-2022-23821", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in AMD Prozessor. Diese Fehler bestehen im AMD Secure Processor (ASP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV), AMD Secure Encrypted Virtualization - Secure Nested Paging (SEV-SNP) und anderen Plattformkomponenten aufgrund verschiedener Sicherheitsprobleme wie einer unzureichenden Eingabevalidierung, einem \"Use-After-Free\", einer unsachgemäßen Adressvalidierung und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren, vertrauliche Informationen offenzulegen oder seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T005651", "T006498", "T023191", "T029364", "T029010", "67646", "T032778", "T031292", "T004914", "T031175", "T030470", "T002207", "1727", "T009310", "T023373", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2022-23821", }, { cve: "CVE-2022-23830", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in AMD Prozessor. Diese Fehler bestehen im AMD Secure Processor (ASP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV), AMD Secure Encrypted Virtualization - Secure Nested Paging (SEV-SNP) und anderen Plattformkomponenten aufgrund verschiedener Sicherheitsprobleme wie einer unzureichenden Eingabevalidierung, einem \"Use-After-Free\", einer unsachgemäßen Adressvalidierung und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren, vertrauliche Informationen offenzulegen oder seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T005651", "T006498", "T023191", "T029364", "T029010", "67646", "T032778", "T031292", "T004914", "T031175", "T030470", "T002207", "1727", "T009310", "T023373", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2022-23830", }, { cve: "CVE-2023-20519", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in AMD Prozessor. Diese Fehler bestehen im AMD Secure Processor (ASP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV), AMD Secure Encrypted Virtualization - Secure Nested Paging (SEV-SNP) und anderen Plattformkomponenten aufgrund verschiedener Sicherheitsprobleme wie einer unzureichenden Eingabevalidierung, einem \"Use-After-Free\", einer unsachgemäßen Adressvalidierung und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren, vertrauliche Informationen offenzulegen oder seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T005651", "T006498", "T023191", "T029364", "T029010", "67646", "T032778", "T031292", "T004914", "T031175", "T030470", "T002207", "1727", "T009310", "T023373", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-20519", }, { cve: "CVE-2023-20521", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in AMD Prozessor. Diese Fehler bestehen im AMD Secure Processor (ASP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV), AMD Secure Encrypted Virtualization - Secure Nested Paging (SEV-SNP) und anderen Plattformkomponenten aufgrund verschiedener Sicherheitsprobleme wie einer unzureichenden Eingabevalidierung, einem \"Use-After-Free\", einer unsachgemäßen Adressvalidierung und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren, vertrauliche Informationen offenzulegen oder seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T005651", "T006498", "T023191", "T029364", "T029010", "67646", "T032778", "T031292", "T004914", "T031175", "T030470", "T002207", "1727", "T009310", "T023373", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-20521", }, { cve: "CVE-2023-20526", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in AMD Prozessor. Diese Fehler bestehen im AMD Secure Processor (ASP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV), AMD Secure Encrypted Virtualization - Secure Nested Paging (SEV-SNP) und anderen Plattformkomponenten aufgrund verschiedener Sicherheitsprobleme wie einer unzureichenden Eingabevalidierung, einem \"Use-After-Free\", einer unsachgemäßen Adressvalidierung und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren, vertrauliche Informationen offenzulegen oder seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T005651", "T006498", "T023191", "T029364", "T029010", "67646", "T032778", "T031292", "T004914", "T031175", "T030470", "T002207", "1727", "T009310", "T023373", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-20526", }, { cve: "CVE-2023-20533", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in AMD Prozessor. Diese Fehler bestehen im AMD Secure Processor (ASP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV), AMD Secure Encrypted Virtualization - Secure Nested Paging (SEV-SNP) und anderen Plattformkomponenten aufgrund verschiedener Sicherheitsprobleme wie einer unzureichenden Eingabevalidierung, einem \"Use-After-Free\", einer unsachgemäßen Adressvalidierung und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren, vertrauliche Informationen offenzulegen oder seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T005651", "T006498", "T023191", "T029364", "T029010", "67646", "T032778", "T031292", "T004914", "T031175", "T030470", "T002207", "1727", "T009310", "T023373", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-20533", }, { cve: "CVE-2023-20563", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in AMD Prozessor. Diese Fehler bestehen im AMD Secure Processor (ASP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV), AMD Secure Encrypted Virtualization - Secure Nested Paging (SEV-SNP) und anderen Plattformkomponenten aufgrund verschiedener Sicherheitsprobleme wie einer unzureichenden Eingabevalidierung, einem \"Use-After-Free\", einer unsachgemäßen Adressvalidierung und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren, vertrauliche Informationen offenzulegen oder seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T005651", "T006498", "T023191", "T029364", "T029010", "67646", "T032778", "T031292", "T004914", "T031175", "T030470", "T002207", "1727", "T009310", "T023373", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-20563", }, { cve: "CVE-2023-20565", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in AMD Prozessor. Diese Fehler bestehen im AMD Secure Processor (ASP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV), AMD Secure Encrypted Virtualization - Secure Nested Paging (SEV-SNP) und anderen Plattformkomponenten aufgrund verschiedener Sicherheitsprobleme wie einer unzureichenden Eingabevalidierung, einem \"Use-After-Free\", einer unsachgemäßen Adressvalidierung und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren, vertrauliche Informationen offenzulegen oder seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T005651", "T006498", "T023191", "T029364", "T029010", "67646", "T032778", "T031292", "T004914", "T031175", "T030470", "T002207", "1727", "T009310", "T023373", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-20565", }, { cve: "CVE-2023-20566", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in AMD Prozessor. Diese Fehler bestehen im AMD Secure Processor (ASP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV), AMD Secure Encrypted Virtualization - Secure Nested Paging (SEV-SNP) und anderen Plattformkomponenten aufgrund verschiedener Sicherheitsprobleme wie einer unzureichenden Eingabevalidierung, einem \"Use-After-Free\", einer unsachgemäßen Adressvalidierung und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren, vertrauliche Informationen offenzulegen oder seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T005651", "T006498", "T023191", "T029364", "T029010", "67646", "T032778", "T031292", "T004914", "T031175", "T030470", "T002207", "1727", "T009310", "T023373", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-20566", }, { cve: "CVE-2023-20571", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in AMD Prozessor. Diese Fehler bestehen im AMD Secure Processor (ASP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV), AMD Secure Encrypted Virtualization - Secure Nested Paging (SEV-SNP) und anderen Plattformkomponenten aufgrund verschiedener Sicherheitsprobleme wie einer unzureichenden Eingabevalidierung, einem \"Use-After-Free\", einer unsachgemäßen Adressvalidierung und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren, vertrauliche Informationen offenzulegen oder seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T005651", "T006498", "T023191", "T029364", "T029010", "67646", "T032778", "T031292", "T004914", "T031175", "T030470", "T002207", "1727", "T009310", "T023373", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-20571", }, { cve: "CVE-2023-20592", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in AMD-Prozessoren. Dieser Fehler besteht aufgrund eines unsachgemäßen oder unerwarteten Verhaltens des INVD-Befehls, der es ermöglicht, das Cache-Zeilen-Rückschreibverhalten der CPU zu beeinflussen. Ein Angreifer mit einem bösartigen Hypervisor kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen.", }, ], product_status: { known_affected: [ "T005651", "T006498", "T023191", "T029364", "T029010", "67646", "T032778", "T031292", "T004914", "T031175", "T030470", "T002207", "1727", "T009310", "T023373", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-20592", }, { cve: "CVE-2023-20596", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in AMD-Prozessoren. Dieser Fehler besteht aufgrund einer unsachgemäßen Eingabevalidierung im SMM Supervisor, die es ermöglicht, Ring0-Zugriff zu erlangen. Ein Angreifer mit einem kompromittierten SMI-Handler kann diese Schwachstelle zur Ausführung von beliebigem Code ausnutzen.", }, ], product_status: { known_affected: [ "T005651", "T006498", "T023191", "T029364", "T029010", "67646", "T032778", "T031292", "T004914", "T031175", "T030470", "T002207", "1727", "T009310", "T023373", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-20596", }, ], }
cve-2022-23820
Vulnerability from cvelistv5
Published
2023-11-14 18:52
Modified
2024-08-03 03:51
Severity ?
EPSS score ?
Summary
Failure to validate the AMD SMM communication buffer
may allow an attacker to corrupt the SMRAM potentially leading to arbitrary
code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 | vendor-advisory | |
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 | vendor-advisory | |
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001 | vendor-advisory |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:51:46.067Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 3000 series Desktop Processors “Matisse\"", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 5000 Series Desktop Processors “Vermeer”", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ Threadripper™ 2000 Series Processors “Colfax”", vendor: "AMD", versions: [ { status: "affected", version: "Various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics “Picasso” FP5", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics \"Rembrandt\"", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "3rd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 7003", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 7003", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, ], datePublic: "2023-11-14T17:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Failure to validate the AMD SMM communication buffer\nmay allow an attacker to corrupt the SMRAM potentially leading to arbitrary\ncode execution.\n\n\n\n\n\n\n\n<br>", }, ], value: "Failure to validate the AMD SMM communication buffer\nmay allow an attacker to corrupt the SMRAM potentially leading to arbitrary\ncode execution.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-18T18:28:41.324Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", }, { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], source: { advisory: "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2022-23820", datePublished: "2023-11-14T18:52:21.457Z", dateReserved: "2022-01-21T17:20:55.778Z", dateUpdated: "2024-08-03T03:51:46.067Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-46774
Vulnerability from cvelistv5
Published
2023-11-14 18:52
Modified
2024-10-11 18:07
Severity ?
EPSS score ?
Summary
Insufficient DRAM address validation in System
Management Unit (SMU) may allow an attacker to read/write from/to an invalid
DRAM address, potentially resulting in denial-of-service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 | vendor-advisory | |
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 | vendor-advisory | |
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | Ryzen™ 3000 series Desktop Processors “Matisse" |
Version: various |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T05:17:42.622Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-46774", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-11T17:51:52.542045Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-11T18:07:59.642Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 3000 series Desktop Processors “Matisse\"", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 5000 Series Desktop Processors “Vermeer”", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "1st Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "2nd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "3rd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "4th Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 3000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 7002", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 7003", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD Ryzen™ Embedded 5000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 7002", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 3000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 7003", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, ], datePublic: "2023-11-14T17:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Insufficient DRAM address validation in System\nManagement Unit (SMU) may allow an attacker to read/write from/to an invalid\nDRAM address, potentially resulting in denial-of-service.\n\n\n\n\n\n\n\n\n\n\n\n<br>", }, ], value: "Insufficient DRAM address validation in System\nManagement Unit (SMU) may allow an attacker to read/write from/to an invalid\nDRAM address, potentially resulting in denial-of-service.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-18T18:31:43.449Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", }, { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], source: { advisory: "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2021-46774", datePublished: "2023-11-14T18:52:11.012Z", dateReserved: "2022-03-31T16:50:27.874Z", dateUpdated: "2024-10-11T18:07:59.642Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20592
Vulnerability from cvelistv5
Published
2023-11-14 18:54
Modified
2024-10-11 18:07
Severity ?
EPSS score ?
Summary
Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3005 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | 1st Gen AMD EPYC™ Processors |
Version: various |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:05:36.266Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3005", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-20592", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-11T17:51:51.383280Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-11T18:07:49.421Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: " ", platforms: [ "x86", ], product: "1st Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: " ", platforms: [ "x86", ], product: "2nd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "3rd Gen AMD EPYC™ Processors ", vendor: " AMD", versions: [ { status: "affected", version: "various ", }, ], }, ], datePublic: "2023-11-14T17:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.\n\n\n\n\n\n\n\n\n\n\n\n<br>", }, ], value: "Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.\n\n\n\n\n\n\n\n\n\n\n\n\n", }, ], providerMetadata: { dateUpdated: "2023-11-14T18:54:13.255Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3005", }, ], source: { advisory: "AMD-SB-3005", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2023-20592", datePublished: "2023-11-14T18:54:13.255Z", dateReserved: "2022-10-27T18:53:39.762Z", dateUpdated: "2024-10-11T18:07:49.421Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20533
Vulnerability from cvelistv5
Published
2023-11-14 18:52
Modified
2024-08-02 09:05
Severity ?
EPSS score ?
Summary
Insufficient DRAM address validation in System
Management Unit (SMU) may allow an attacker to read/write from/to an invalid
DRAM address, potentially resulting in denial-of-service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 | vendor-advisory | |
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 | vendor-advisory | |
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | Ryzen™ 3000 series Desktop Processors “Matisse" |
Version: various |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:05:36.915Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 3000 series Desktop Processors “Matisse\"", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 5000 Series Desktop Processors “Vermeer”", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "2nd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "3rd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 7002", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 7003", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD Ryzen™ Embedded 5000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 7002", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 7003", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, ], datePublic: "2023-11-14T17:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Insufficient DRAM address validation in System\nManagement Unit (SMU) may allow an attacker to read/write from/to an invalid\nDRAM address, potentially resulting in denial-of-service.\n\n\n\n\n\n\n\n\n\n\n\n<br>", }, ], value: "Insufficient DRAM address validation in System\nManagement Unit (SMU) may allow an attacker to read/write from/to an invalid\nDRAM address, potentially resulting in denial-of-service.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-18T18:34:28.851Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", }, { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], source: { advisory: "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2023-20533", datePublished: "2023-11-14T18:52:52.106Z", dateReserved: "2022-10-27T18:53:39.739Z", dateUpdated: "2024-08-02T09:05:36.915Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20565
Vulnerability from cvelistv5
Published
2023-11-14 18:54
Modified
2024-08-02 09:05
Severity ?
EPSS score ?
Summary
Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 | vendor-advisory | |
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne” |
Version: various |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:05:45.856Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 7000 Series Desktop Processors “Raphael” XD3", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics \"Rembrandt\"", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: " Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics “Phoenix” FP7/FP7r2/FP8", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", product: "AMD Ryzen™ Embedded V3000", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, ], datePublic: "2023-11-14T17:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.\n\n\n\n\n\n\n\n<br>", }, ], value: "Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.\n\n\n\n\n\n\n\n\n", }, ], providerMetadata: { dateUpdated: "2024-02-13T19:27:26.573Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], source: { advisory: "AMD-SB-4002, AMD-SB-5001", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2023-20565", datePublished: "2023-11-14T18:54:51.738Z", dateReserved: "2022-10-27T18:53:39.752Z", dateUpdated: "2024-08-02T09:05:45.856Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-46766
Vulnerability from cvelistv5
Published
2023-11-14 18:51
Modified
2024-08-04 05:17
Severity ?
EPSS score ?
Summary
Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 | vendor-advisory | |
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 | vendor-advisory | |
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS |
Version: various |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T05:17:42.287Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "4th Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 9003", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, ], datePublic: "2023-11-14T17:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.<br>", }, ], value: "Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.5, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-18T18:40:54.027Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", }, { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], source: { advisory: "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2021-46766", datePublished: "2023-11-14T18:51:58.036Z", dateReserved: "2022-03-31T16:50:27.871Z", dateUpdated: "2024-08-04T05:17:42.287Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20563
Vulnerability from cvelistv5
Published
2023-11-14 18:54
Modified
2024-10-22 13:44
Severity ?
EPSS score ?
Summary
Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 | vendor-advisory | |
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne” |
Version: various |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:05:45.851Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:amd:ryzen_5000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_5000_series_desktop_processors_with_radeon_graphics", vendor: "amd", versions: [ { status: "affected", version: "ComboAM4V2 1.2.0.B *(2023-08-25)", }, ], }, { cpes: [ "cpe:2.3:h:amd:ryzen_7000_series_desktop_processors:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_7000_series_desktop_processors", vendor: "amd", versions: [ { status: "affected", version: "ComboAM5 1.0.7.0 (2023-04-18)", }, ], }, { cpes: [ "cpe:2.3:h:amd:ryzen_5000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_5000_series_mobile_processors_with_radeon_graphics", vendor: "amd", versions: [ { status: "affected", version: "CezannePI-FP6 1.0.0.F (2023-06-20)", }, ], }, { cpes: [ "cpe:2.3:h:amd:ryzen_6000_series_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_6000_series_processors_with_radeon_graphics", vendor: "amd", versions: [ { status: "affected", version: "RembrandtPI-FP7 1.0.0.9 (2023-05-16)", }, ], }, { cpes: [ "cpe:2.3:h:amd:ryzen_7035_series_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_7035_series_processors_with_radeon_graphics", vendor: "amd", versions: [ { status: "affected", version: "RembrandtPI-FP7 1.0.0.9 (2023-05-16)", }, ], }, { cpes: [ "cpe:2.3:h:amd:ryzen_5000_series_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_5000_series_processors_with_radeon_graphics", vendor: "amd", versions: [ { status: "affected", version: "CezannePI-FP6 1.0.0.F (2023-06-20)", }, ], }, { cpes: [ "cpe:2.3:h:amd:ryzen_7030_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_7030_series_mobile_processors_with_radeon_graphics", vendor: "amd", versions: [ { status: "affected", version: "CezannePI-FP6 1.0.0.F (2023-06-20)", }, ], }, { cpes: [ "cpe:2.3:h:amd:ryzen_7040_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_7040_series_mobile_processors_with_radeon_graphics", vendor: "amd", versions: [ { status: "affected", version: "PhoenixPI-FP8-FP7 PI 1.0.0.1g (2023-05-11)", }, ], }, { cpes: [ "cpe:2.3:h:amd:ryzen_embedded_r1000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_embedded_r1000", vendor: "amd", versions: [ { status: "affected", version: "EmbeddedPI-FP5 1.2.0.A (2023-07-31)", }, ], }, { cpes: [ "cpe:2.3:h:amd:ryzen_embedded_r2000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_embedded_r2000", vendor: "amd", versions: [ { status: "affected", version: "EmbeddedPI-FP5 1.0.0.2 (2023-07-31)", }, ], }, { cpes: [ "cpe:2.3:h:amd:ryzen_embedded_5000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_embedded_5000", vendor: "amd", versions: [ { status: "affected", version: "EmbAM4PI 1.0.0.3 (2023-07-31)", }, ], }, { cpes: [ "cpe:2.3:h:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ryzen_embedded_v3000", vendor: "amd", versions: [ { status: "affected", version: "EmbeddedPI-FP7r2 1.0.0.6 (2023-09-15)", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20563", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T17:15:29.685693Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-22T13:44:05.548Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 7000 Series Desktop Processors “Raphael” XD3", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics \"Rembrandt\"", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics “Phoenix” FP7/FP7r2/FP8", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", product: "AMD Ryzen™ Embedded R1000", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", product: "AMD Ryzen™ Embedded R2000", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", product: "AMD Ryzen™ Embedded 5000", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", product: "AMD Ryzen™ Embedded V3000", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, ], datePublic: "2023-11-14T17:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.\n\n\n\n\n\n\n\n<br>", }, ], value: "Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.\n\n\n\n\n\n\n\n\n", }, ], providerMetadata: { dateUpdated: "2024-02-13T19:27:18.318Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], source: { advisory: "AMD-SB-4002, AMD-SB-5001", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2023-20563", datePublished: "2023-11-14T18:54:41.308Z", dateReserved: "2022-10-27T18:53:39.747Z", dateUpdated: "2024-10-22T13:44:05.548Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20526
Vulnerability from cvelistv5
Published
2023-11-14 18:52
Modified
2024-08-02 09:05
Severity ?
EPSS score ?
Summary
Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 | vendor-advisory | |
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 | vendor-advisory | |
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | AMD Ryzen™ Threadripper™ 2000 Series Processors “Colfax” |
Version: various |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:05:36.942Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ Threadripper™ 2000 Series Processors “Colfax”", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "1st Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "2nd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "3rd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 3000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 7002", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 7003", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, ], datePublic: "2023-11-14T17:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.<br>", }, ], value: "Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "PHYSICAL", availabilityImpact: "NONE", baseScore: 1.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-18T18:43:52.998Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", }, { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], source: { advisory: "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2023-20526", datePublished: "2023-11-14T18:52:41.992Z", dateReserved: "2022-10-27T18:53:39.737Z", dateUpdated: "2024-08-02T09:05:36.942Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20571
Vulnerability from cvelistv5
Published
2023-11-14 18:55
Modified
2024-08-02 09:05
Severity ?
EPSS score ?
Summary
A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne” |
Version: various |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:05:45.850Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 7000 Series Desktop Processors “Raphael” XD3", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics \"Rembrandt\"", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: " Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics “Phoenix” FP7/FP7r2/FP8", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, ], datePublic: "2023-11-14T17:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation.\n\n\n\n\n\n\n\n<br>", }, ], value: "A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation.\n\n\n\n\n\n\n\n\n", }, ], providerMetadata: { dateUpdated: "2023-11-14T18:55:02.307Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, ], source: { advisory: "AMD-SB-4002", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2023-20571", datePublished: "2023-11-14T18:55:02.307Z", dateReserved: "2022-10-27T18:53:39.755Z", dateUpdated: "2024-08-02T09:05:45.850Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-46758
Vulnerability from cvelistv5
Published
2023-11-14 18:54
Modified
2024-08-04 05:17
Severity ?
EPSS score ?
Summary
Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne” |
Version: various |
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T05:17:42.665Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 7000 Series Desktop Processors “Raphael” XD3", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics \"Rembrandt\"", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, ], datePublic: "2023-11-14T17:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity.\n\n\n\n\n\n\n\n<br>", }, ], value: "Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity.\n\n\n\n\n\n\n\n\n", }, ], providerMetadata: { dateUpdated: "2023-11-14T18:54:25.467Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, ], source: { advisory: "AMD-SB-4002", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2021-46758", datePublished: "2023-11-14T18:54:25.467Z", dateReserved: "2022-03-31T16:50:27.869Z", dateUpdated: "2024-08-04T05:17:42.665Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23821
Vulnerability from cvelistv5
Published
2023-11-14 18:54
Modified
2024-12-03 14:26
Severity ?
EPSS score ?
Summary
Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 | vendor-advisory | |
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | Ryzen™ 3000 Series Desktop Processors “Matisse” |
Version: various |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:51:46.017Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-23821", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2023-12-05T20:28:42.236096Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-03T14:26:05.643Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 3000 Series Desktop Processors “Matisse”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Desktop Processors “Vermeer”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ Threadripper™ 2000 Series Processors “Colfax”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” FP5", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics “Picasso” FP5", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics \"Rembrandt\"", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", product: "AMD Ryzen™ Embedded R1000", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", product: "AMD Ryzen™ Embedded R2000", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", product: "AMD Ryzen™ Embedded 5000", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", product: "AMD Ryzen™ Embedded V1000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD Ryzen™ Embedded V2000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD Ryzen™ Embedded V3000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, ], datePublic: "2023-11-14T17:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n<br>", }, ], value: "Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n", }, ], providerMetadata: { dateUpdated: "2024-02-13T19:26:03.900Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], source: { advisory: "AMD-SB-4002, AMD-SB-5001", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2022-23821", datePublished: "2023-11-14T18:54:32.952Z", dateReserved: "2022-01-21T17:20:55.779Z", dateUpdated: "2024-12-03T14:26:05.643Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20521
Vulnerability from cvelistv5
Published
2023-11-14 18:52
Modified
2024-08-02 09:05
Severity ?
EPSS score ?
Summary
TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 | vendor-advisory | |
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 | vendor-advisory | |
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4 |
Version: various |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-20521", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2023-11-27T19:38:18.334372Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-26T14:56:31.535Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T09:05:36.873Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ Threadripper™ 2000 Series Processors “Colfax”", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” FP5", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics “Picasso” FP5", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "1st Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "2nd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "3rd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 3000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 7002", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 7003", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD Ryzen™ Embedded R1000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD Ryzen™ Embedded R2000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD Ryzen™ Embedded V1000", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, ], datePublic: "2023-11-14T17:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.\n\n\n\n\n\n\n\n\n\n\n\n<br>", }, ], value: "TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "PHYSICAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-18T18:42:56.250Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", }, { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", }, { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], source: { advisory: "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2023-20521", datePublished: "2023-11-14T18:52:31.662Z", dateReserved: "2022-10-27T18:53:39.737Z", dateUpdated: "2024-08-02T09:05:36.873Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23830
Vulnerability from cvelistv5
Published
2023-11-14 18:53
Modified
2024-08-03 03:51
Severity ?
EPSS score ?
Summary
SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 | vendor-advisory | |
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | 3rd Gen AMD EPYC™ Processors |
Version: various |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:51:45.987Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "3rd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "4th Gen AMD EPY™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 7003", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, ], datePublic: "2023-11-14T17:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.\n\n\n\n\n\n\n\n\n\n\n\n<br>", }, ], value: "SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 1.9, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-18T18:41:52.383Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", }, { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], source: { advisory: "AMD-SB-3002, AMD-SB-5001", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2022-23830", datePublished: "2023-11-14T18:53:28.408Z", dateReserved: "2022-01-21T17:20:55.781Z", dateUpdated: "2024-08-03T03:51:45.987Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20519
Vulnerability from cvelistv5
Published
2023-11-14 18:53
Modified
2024-08-30 18:03
Severity ?
EPSS score ?
Summary
A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | 3rd Gen AMD EPYC™ Processors |
Version: various |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:05:36.886Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-20519", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-30T18:03:44.986937Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-30T18:03:55.829Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "3rd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "4th Gen AMD EPYC™ Processors ", vendor: " AMD", versions: [ { status: "affected", version: "various ", }, ], }, ], datePublic: "2023-11-14T17:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.\n\n\n\n\n\n\n\n\n\n\n\n<br>", }, ], value: "A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.\n\n\n\n\n\n\n\n\n\n\n\n\n", }, ], providerMetadata: { dateUpdated: "2023-11-14T18:53:36.329Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", }, ], source: { advisory: "AMD-SB-3002", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2023-20519", datePublished: "2023-11-14T18:53:36.329Z", dateReserved: "2022-10-27T18:53:39.736Z", dateUpdated: "2024-08-30T18:03:55.829Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20566
Vulnerability from cvelistv5
Published
2023-11-14 18:54
Modified
2024-12-03 14:26
Severity ?
EPSS score ?
Summary
Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | 3rd Gen AMD EPYC™ Processors |
Version: various |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:05:36.943Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-20566", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2023-11-27T20:58:09.078592Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-03T14:26:45.381Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "3rd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "4th Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 7003", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 9003", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, ], datePublic: "2023-11-14T17:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.\n\n\n\n\n\n\n\n\n\n\n\n<br>", }, ], value: "Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-18T18:36:52.542Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", }, ], source: { advisory: "AMD-SB-3002", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2023-20566", datePublished: "2023-11-14T18:54:00.908Z", dateReserved: "2022-10-27T18:53:39.753Z", dateUpdated: "2024-12-03T14:26:45.381Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20596
Vulnerability from cvelistv5
Published
2023-11-14 18:55
Modified
2024-08-02 09:05
Severity ?
EPSS score ?
Summary
Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7011 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Formerly codenamed “Cezanne” AM4 |
Version: various |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:05:36.288Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7011", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Formerly codenamed “Cezanne” AM4", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 7000 Series Desktop Processors with Radeon™ Graphics Formerly codenamed “Raphael”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 7000 Series Desktop Processors with Radeon™ Graphics Formerly codenamed “Raphael” X3D", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics \"Rembrandt\"", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics Formerly codenamed “Phoenix”", vendor: "AMD", versions: [ { status: "affected", version: "various ", }, ], }, ], datePublic: "2023-11-14T17:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n<br>", }, ], value: "Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n", }, ], providerMetadata: { dateUpdated: "2023-11-14T18:55:14.665Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7011", }, ], source: { advisory: "AMD-SB-7011", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2023-20596", datePublished: "2023-11-14T18:55:14.665Z", dateReserved: "2022-10-27T18:53:39.763Z", dateUpdated: "2024-08-02T09:05:36.288Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-26345
Vulnerability from cvelistv5
Published
2023-11-14 18:53
Modified
2024-08-03 20:26
Severity ?
EPSS score ?
Summary
Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AMD | 2nd Gen AMD EPYC™ Processors |
Version: various |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:26:24.909Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", }, { tags: [ "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "2nd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "3rd Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", packageName: "PI", platforms: [ "x86", ], product: "4th Gen AMD EPYC™ Processors", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 7002", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 7003", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 7002", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, { defaultStatus: "unaffected", product: "AMD EPYC™ Embedded 7003", vendor: "AMD", versions: [ { status: "affected", version: "various", }, ], }, ], datePublic: "2023-11-14T17:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.\n\n\n\n\n\n\n\n\n\n\n\n<br>", }, ], value: "Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 1.9, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-18T18:38:22.990Z", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", }, { url: "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", }, ], source: { advisory: "AMD-SB-3002, AMD-5001", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2021-26345", datePublished: "2023-11-14T18:53:20.979Z", dateReserved: "2021-01-29T21:24:26.145Z", dateUpdated: "2024-08-03T20:26:24.909Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.