csaf_certbund - wid-sec-w-2025-0314

https://www.amd.com/en/resources/product-security…

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Prozessoren sind die zentralen Rechenwerke eines Computers.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in verschiedenen AMD Prozessoren ausnutzen, um beliebigen Code auszuf\u00fchren, eine Denial-of-Service-Situation zu erzeugen und Informationen offenzulegen oder zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- BIOS/Firmware",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0314 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0314.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0314 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0314"
      },
      {
        "category": "external",
        "summary": "AMD Security Bulletin AMD-SB-3009 vom 2025-02-11",
        "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html"
      },
      {
        "category": "external",
        "summary": "AMD Security Bulletin AMD-SB-4008 vom 2025-02-11",
        "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html"
      },
      {
        "category": "external",
        "summary": "AMD Security Bulletin AMD-SB-5004 vom 2025-02-11",
        "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"
      },
      {
        "category": "external",
        "summary": "AMD Security Bulletin AMD-SB-7027 vom 2025-02-11",
        "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7027.html"
      },
      {
        "category": "external",
        "summary": "AMD Security Bulletin AMD-SB-7028 vom 2025-02-11",
        "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7028.html"
      },
      {
        "category": "external",
        "summary": "HP Security Bulletin HPSBHF04004 vom 2025-01-29",
        "url": "https://support.hp.com/de-de/document/ish_11947159-11947218-16/HPSBHF04004"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2025-017 vom 2025-02-11",
        "url": "https://www.dell.com/support/kbdoc/de-de/000250133/dsa-2025-017"
      },
      {
        "category": "external",
        "summary": "HPE Security Bulletin HPESBHF04786 vom 2025-02-11",
        "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04786en_us\u0026docLocale=en_US"
      },
      {
        "category": "external",
        "summary": "HPE Security Bulletin HPESBHF04782 vom 2025-02-11",
        "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04782en_us\u0026docLocale=en_US"
      },
      {
        "category": "external",
        "summary": "Lenovo Security Advisory LEN-186850 vom 2025-02-12",
        "url": "https://support.lenovo.com/us/en/product_security/LEN-186850"
      },
      {
        "category": "external",
        "summary": "HPE Security Bulletin HPESBHF04795 vom 2025-02-11",
        "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04795en_us\u0026docLocale=en_US"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2025-085 vom 2025-02-11",
        "url": "https://www.dell.com/support/kbdoc/de-de/000283888/dsa-2025-085-security-update-for-dell-amd-based-poweredge-server-and-gpu-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7183573 vom 2025-02-18",
        "url": "https://www.ibm.com/support/pages/node/7183573"
      },
      {
        "category": "external",
        "summary": "HP Security Bulletin HPSBHF04016 vom 2025-04-11",
        "url": "https://support.hp.com/de-de/document/ish_12440840-12440862-16/HPSBHF04016"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7561-1 vom 2025-06-09",
        "url": "https://ubuntu.com/security/notices/USN-7561-1"
      }
    ],
    "source_lang": "en-US",
    "title": "AMD Prozessoren: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-06-09T22:00:00.000+00:00",
      "generator": {
        "date": "2025-06-10T08:25:11.402+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-0314",
      "initial_release_date": "2025-02-11T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-02-11T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-02-18T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
        },
        {
          "date": "2025-05-07T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von HP aufgenommen"
        },
        {
          "date": "2025-06-09T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "AMD Prozessor",
            "product": {
              "name": "AMD Prozessor",
              "product_id": "T032766",
              "product_identification_helper": {
                "cpe": "cpe:/h:amd:amd_processor:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "AMD"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Dell Computer",
            "product": {
              "name": "Dell Computer",
              "product_id": "T036868",
              "product_identification_helper": {
                "cpe": "cpe:/o:dell:dell_computer:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Dell PowerEdge",
            "product": {
              "name": "Dell PowerEdge",
              "product_id": "T040784",
              "product_identification_helper": {
                "cpe": "cpe:/h:dell:poweredge:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HP BIOS",
            "product": {
              "name": "HP BIOS",
              "product_id": "T033440",
              "product_identification_helper": {
                "cpe": "cpe:/h:hp:bios:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "HP Computer",
                "product": {
                  "name": "HP Computer",
                  "product_id": "T030989",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:hp:computer:-"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "HP Computer",
                "product": {
                  "name": "HP Computer",
                  "product_id": "T031292",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:hp:computer:-"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Computer"
          }
        ],
        "category": "vendor",
        "name": "HP"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HPE ProLiant",
            "product": {
              "name": "HPE ProLiant",
              "product_id": "T027705",
              "product_identification_helper": {
                "cpe": "cpe:/h:hp:proliant:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HPE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "v10",
                "product": {
                  "name": "IBM Power Hardware Management Console v10",
                  "product_id": "T023373",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:hardware_management_console:v10"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Power Hardware Management Console"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Lenovo BIOS",
            "product": {
              "name": "Lenovo BIOS",
              "product_id": "T033443",
              "product_identification_helper": {
                "cpe": "cpe:/h:lenovo:bios:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Lenovo Computer",
            "product": {
              "name": "Lenovo Computer",
              "product_id": "T026557",
              "product_identification_helper": {
                "cpe": "cpe:/h:lenovo:computer:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Lenovo"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-20507",
      "product_status": {
        "known_affected": [
          "T027705",
          "T000126",
          "T032766",
          "T036868",
          "T030989",
          "T031292",
          "T026557",
          "T040784",
          "T033443",
          "T023373",
          "T033440"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2023-20507"
    },
    {
      "cve": "CVE-2023-20515",
      "product_status": {
        "known_affected": [
          "T027705",
          "T000126",
          "T032766",
          "T036868",
          "T030989",
          "T031292",
          "T026557",
          "T040784",
          "T033443",
          "T023373",
          "T033440"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2023-20515"
    },
    {
      "cve": "CVE-2023-20581",
      "product_status": {
        "known_affected": [
          "T027705",
          "T000126",
          "T032766",
          "T036868",
          "T030989",
          "T031292",
          "T026557",
          "T040784",
          "T033443",
          "T023373",
          "T033440"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2023-20581"
    },
    {
      "cve": "CVE-2023-20582",
      "product_status": {
        "known_affected": [
          "T027705",
          "T000126",
          "T032766",
          "T036868",
          "T030989",
          "T031292",
          "T026557",
          "T040784",
          "T033443",
          "T023373",
          "T033440"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2023-20582"
    },
    {
      "cve": "CVE-2023-31331",
      "product_status": {
        "known_affected": [
          "T027705",
          "T000126",
          "T032766",
          "T036868",
          "T030989",
          "T031292",
          "T026557",
          "T040784",
          "T033443",
          "T023373",
          "T033440"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2023-31331"
    },
    {
      "cve": "CVE-2023-31342",
      "product_status": {
        "known_affected": [
          "T027705",
          "T000126",
          "T032766",
          "T036868",
          "T030989",
          "T031292",
          "T026557",
          "T040784",
          "T033443",
          "T023373",
          "T033440"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2023-31342"
    },
    {
      "cve": "CVE-2023-31343",
      "product_status": {
        "known_affected": [
          "T027705",
          "T000126",
          "T032766",
          "T036868",
          "T030989",
          "T031292",
          "T026557",
          "T040784",
          "T033443",
          "T023373",
          "T033440"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2023-31343"
    },
    {
      "cve": "CVE-2023-31345",
      "product_status": {
        "known_affected": [
          "T027705",
          "T000126",
          "T032766",
          "T036868",
          "T030989",
          "T031292",
          "T026557",
          "T040784",
          "T033443",
          "T023373",
          "T033440"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2023-31345"
    },
    {
      "cve": "CVE-2023-31352",
      "product_status": {
        "known_affected": [
          "T027705",
          "T000126",
          "T032766",
          "T036868",
          "T030989",
          "T031292",
          "T026557",
          "T040784",
          "T033443",
          "T023373",
          "T033440"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2023-31352"
    },
    {
      "cve": "CVE-2023-31356",
      "product_status": {
        "known_affected": [
          "T027705",
          "T000126",
          "T032766",
          "T036868",
          "T030989",
          "T031292",
          "T026557",
          "T040784",
          "T033443",
          "T023373",
          "T033440"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2023-31356"
    },
    {
      "cve": "CVE-2024-0179",
      "product_status": {
        "known_affected": [
          "T027705",
          "T000126",
          "T032766",
          "T036868",
          "T030989",
          "T031292",
          "T026557",
          "T040784",
          "T033443",
          "T023373",
          "T033440"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2024-0179"
    },
    {
      "cve": "CVE-2024-21924",
      "product_status": {
        "known_affected": [
          "T027705",
          "T000126",
          "T032766",
          "T036868",
          "T030989",
          "T031292",
          "T026557",
          "T040784",
          "T033443",
          "T023373",
          "T033440"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2024-21924"
    },
    {
      "cve": "CVE-2024-21925",
      "product_status": {
        "known_affected": [
          "T027705",
          "T000126",
          "T032766",
          "T036868",
          "T030989",
          "T031292",
          "T026557",
          "T040784",
          "T033443",
          "T023373",
          "T033440"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2024-21925"
    }
  ]
}

CVE-2024-0179 (GCVE-0-2024-0179)

Vulnerability from cvelistv5 – Published: 2025-02-11 20:52 – Updated: 2025-06-27 21:51

Summary

SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM driver could allow locally authenticated attackers to overwrite SMRAM, potentially resulting in arbitrary code execution.

Severity ?

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-20 - Improper Input Validation

Assigner

AMD

References

URL

Tags

Impacted products

Vendor

Product

Version

AMD Ryzen™ 3000 Series Desktop Processors

Unaffected: ComboAM4PI 1.0.0.C
Unaffected: ComboAM4v2PI 1.2.0.D

AMD	AMD Ryzen™ 5000 Series Desktop Processors	Unaffected: ComboAM4v2PI 1.2.0.D
AMD	AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics	Unaffected: ComboAM4v2PI 1.2.0.D
AMD	AMD Ryzen™ 7000 Series Desktop Processors	Unaffected: ComboAM5PI 1.2.0.2b Unaffected: ComboAM5PI 1.1.0.3b Unaffected: ComboAM5PI 1.0.0.a
AMD	AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics	Unaffected: ComboAM4PI 1.0.0.C Unaffected: ComboAM4v2PI 1.2.0.D
AMD	AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics	Unaffected: ComboAM4v2PI 1.2.0.D
AMD	AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics	Unaffected: ComboAM5PI 1.2.0.2b Unaffected: ComboAM5PI 1.1.0.3b
AMD	AMD Ryzen™ Threadripper™ 3000 Series Processors	Unaffected: CastlePeakPI-SP3r3 1.0.0.D
AMD	AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors	Unaffected: CastlePeakWSPI-sWRX8 1.0.0.F
AMD	AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors	Unaffected: StormPeakPI-SP6 1.1.0.0h Unaffected: StormPeakPI-SP6 1.0.0.1j
AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics	Unaffected: PicassoPI-FP5 1.0.1.2a Unaffected: PollockPI-FT5 1.0.0.8a
AMD	AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics	Unaffected: PicassoPI-FP5 1.0.1.2a
AMD	AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics	Unaffected: PicassoPI-FP5 1.0.1.2a
AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics	Unaffected: PicassoPI-FP5 1.0.1.2a
AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics	Unaffected: RenoirPI-FP6 1.0.0.Ea
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics	Unaffected: CezannePI-FP6 1.0.1.1a
AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics	Unaffected: MendocinoPI-FT6 1.0.0.7a
AMD	AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics	Unaffected: RembrandtPI-FP7 1.0.0.Ba
AMD	AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics	Unaffected: RembrandtPI-FP7 1.0.0.Ba
AMD	AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics	Unaffected: PhoenixPI-FP8-FP7 1.1.8.0
AMD	AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics	Unaffected: PhoenixPI-FP8-FP7 1.1.8.0
AMD	AMD Ryzen™ 7000 Series Mobile Processors	Unaffected: DragonRangeFL1PI 1.0.0.3f
AMD	AMD Ryzen™ Embedded V2000	Unaffected: EmbeddedPI-FP6 1.0.0.B
AMD	AMD Ryzen™ Embedded V3000	Unaffected: EmbeddedPI_FP7R2 1.0.0.C
AMD	AMD Ryzen™ Embedded 8000	Unaffected: EmbeddedPhoenixPI-FP7r2_1.2.0.0
AMD	AMD Ryzen™ Embedded V1000	Unaffected: EmbeddedPI-FP5 1.2.0.F
AMD	AMD Ryzen™ Embedded R1000	Unaffected: EmbeddedPI-FP5 1.2.0.F
AMD	AMD Ryzen™Embedded R2000	Affected: EmbeddedR2KPIFP5 1.0.0.5
AMD	AMD Ryzen™ Embedded 5000	Unaffected: EmbAM4PI 1.0.0.7
AMD	AMD Ryzen™ Embedded 7000	Unaffected: EmbeddedAM5PI 1.0.0.3

Show details on NVD website

https://www.amd.com/en/resources/product-security…

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0179",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-24T03:55:33.902Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4PI  1.0.0.C"
            },
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.D"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.D"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.D"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5PI 1.2.0.2b"
            },
            {
              "status": "unaffected",
              "version": "ComboAM5PI 1.1.0.3b"
            },
            {
              "status": "unaffected",
              "version": "ComboAM5PI 1.0.0.a"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4PI  1.0.0.C"
            },
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.D"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.D"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 8000 Series Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5PI 1.2.0.2b"
            },
            {
              "status": "unaffected",
              "version": "ComboAM5PI 1.1.0.3b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CastlePeakPI-SP3r3  1.0.0.D"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CastlePeakWSPI-sWRX8 1.0.0.F"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 7000 WX-Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "StormPeakPI-SP6  1.1.0.0h"
            },
            {
              "status": "unaffected",
              "version": "StormPeakPI-SP6  1.0.0.1j"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PicassoPI-FP5 1.0.1.2a"
            },
            {
              "status": "unaffected",
              "version": "PollockPI-FT5 1.0.0.8a"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PicassoPI-FP5 1.0.1.2a"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PicassoPI-FP5 1.0.1.2a"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PicassoPI-FP5 1.0.1.2a"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RenoirPI-FP6 1.0.0.Ea"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.1.1a"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MendocinoPI-FT6 1.0.0.7a"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 6000 Series Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7  1.0.0.Ba"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7035 Series Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7  1.0.0.Ba"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PhoenixPI-FP8-FP7 1.1.8.0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 8040 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PhoenixPI-FP8-FP7 1.1.8.0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Mobile Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "DragonRangeFL1PI 1.0.0.3f"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP6 1.0.0.B"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI_FP7R2 1.0.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 8000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPhoenixPI-FP7r2_1.2.0.0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP5 1.2.0.F"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP5 1.2.0.F"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122Embedded R2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "EmbeddedR2KPIFP5 1.0.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 5000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbAM4PI 1.0.0.7"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 7000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedAM5PI 1.0.0.3"
            }
          ]
        }
      ],
      "datePublic": "2025-02-10T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM driver could allow locally authenticated attackers to overwrite SMRAM, potentially resulting in arbitrary code execution."
            }
          ],
          "value": "SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM driver could allow locally authenticated attackers to overwrite SMRAM, potentially resulting in arbitrary code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-27T21:51:56.190Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7027.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2024-0179",
    "datePublished": "2025-02-11T20:52:24.110Z",
    "dateReserved": "2023-12-27T16:06:35.776Z",
    "dateUpdated": "2025-06-27T21:51:56.190Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-21924 (GCVE-0-2024-21924)

Vulnerability from cvelistv5 – Published: 2025-02-11 20:18 – Updated: 2025-02-11 20:52

Summary

SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution.

Severity ?

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-250 - Execution with Unnecessary Privileges

Assigner

AMD

References

URL

Tags

Impacted products

Vendor

Product

Version

AMD EPYC™ 7002 Processors

Unaffected: Rome PI 1.0.0.K

AMD	AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors	Unaffected: ChagallWSPI-sWRX8 1.0.0.9
AMD	AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors	Unaffected: CastlePeakWSPI-sWRX8 1.0.0.E
AMD	AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors	Unaffected: ChagallWSPI-sWRX8 1.0.0.9
AMD	AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors	Unaffected: StormPeakPI-SP6 1.1.0.0h
AMD	AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors	Unaffected: StormPeakPI-SP6 1.0.0.1j
AMD	AMD EPYC™ Embedded 7002 Processors	Unaffected: EmbRomePI-SP3 1.0.0.D

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21924",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T20:52:10.826130Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T20:52:32.535Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "AMD EPYC\u2122 7002 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Rome PI 1.0.0.K"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8 1.0.0.9"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CastlePeakWSPI-sWRX8 1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX- Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8 1.0.0.9"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 7000 WX-Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "StormPeakPI-SP6  1.1.0.0h"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 7000 WX-Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "StormPeakPI-SP6  1.0.0.1j"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD EPYC\u2122 Embedded 7002 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbRomePI-SP3 1.0.0.D"
            }
          ]
        }
      ],
      "datePublic": "2025-02-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution."
            }
          ],
          "value": "SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "CWE-250 Execution with Unnecessary Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-11T20:18:50.402Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7028.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2024-21924",
    "datePublished": "2025-02-11T20:18:50.402Z",
    "dateReserved": "2024-01-03T16:43:09.232Z",
    "dateUpdated": "2025-02-11T20:52:32.535Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20507 (GCVE-0-2023-20507)

Vulnerability from cvelistv5 – Published: 2025-02-11 21:02 – Updated: 2025-02-12 15:35

Summary

An integer overflow in the ASP could allow a privileged attacker to perform an out-of-bounds write, potentially resulting in loss of data integrity.

Severity ?

2.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-190 - Integer Overflow or Wraparound

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/resources/product-security…
	https://www.amd.com/en/resources/product-security…

Impacted products

Vendor

Product

Version

AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics

Unaffected: ComboAM4V2 1.2.0.A

AMD	AMD Ryzen™ 7000 Series Desktop Processors	Unaffected: ComboAM5 1.0.0.6
AMD	AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics	Unaffected: ComboAM4V2 1.2.0.A
AMD	AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics	Unaffected: ComboAM4V2 1.2.0.A
AMD	AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics	Unaffected: ComboAM5 1.0.0.6
AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics	Unaffected: RenoirPI-FP6 1.0.0.C
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics	Unaffected: CezannePI-FP6 1.0.0.E
AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics	Unaffected: MendocinoPI-FT6 1.0.0.5
AMD	AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics	Unaffected: RembrandtPI-FP7 1.0.0.8
AMD	AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics	Unaffected: RembrandtPI-FP7 1.0.0.8
AMD	AMD Ryzen™ 7000 Series Mobile Processors	Unaffected: DragonRangeFL1 1.0.0.2b
AMD	AMD Ryzen™ Embedded 5000	Unaffected: EmbAM4PI 1.0.0.5
AMD	AMD Ryzen™ Embedded 7000	Unaffected: EmbeddedAM5PI 1.0.0.0
AMD	AMD Ryzen™ Embedded V2000	Unaffected: EmbeddedPI-FP6 1.0.0.8
AMD	AMD Ryzen™ Embedded V3000	Unaffected: EmbeddedPI-FP7r2 1.0.0.6

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20507",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T21:24:37.969159Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T15:35:16.344Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4V2  1.2.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5  1.0.0.6"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4V2  1.2.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4V2  1.2.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 8000 Series Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5  1.0.0.6"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RenoirPI-FP6  1.0.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MendocinoPI-FT6 1.0.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 6000 Series Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7035 Series Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Mobile Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "DragonRangeFL1 1.0.0.2b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 5000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbAM4PI 1.0.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 7000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedAM5PI 1.0.0.0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP6 1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP7r2 1.0.0.6"
            }
          ]
        }
      ],
      "datePublic": "2025-02-11T21:01:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An integer overflow in the ASP could allow a privileged attacker to perform an out-of-bounds write, potentially resulting in loss of data integrity."
            }
          ],
          "value": "An integer overflow in the ASP could allow a privileged attacker to perform an out-of-bounds write, potentially resulting in loss of data integrity."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-11T21:04:31.393Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"
        },
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20507",
    "datePublished": "2025-02-11T21:02:54.581Z",
    "dateReserved": "2022-10-27T18:53:39.735Z",
    "dateUpdated": "2025-02-12T15:35:16.344Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-31331 (GCVE-0-2023-31331)

Vulnerability from cvelistv5 – Published: 2025-02-11 21:44 – Updated: 2025-02-12 15:36

Summary

Improper access control in the DRTM firmware could allow a privileged attacker to perform multiple driver initializations, resulting in stack memory corruption that could potentially lead to loss of integrity or availability.

Severity ?

3 (Low)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L

CWE

CWE-1284 - Improper Validation of Specified Quantity in Input

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/resources/product-security…
	https://www.amd.com/en/resources/product-security…

Impacted products

Vendor

Product

Version

AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics

Unaffected: ComboAM4v2PI 1.2.0.CA

AMD	AMD Ryzen™ 7000 Series Desktop Processors	Unaffected: ComboAM5 1.1.0.2
AMD	AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics	Unaffected: ComboAM4v2PI 1.2.0.CA
AMD	AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics	Unaffected: ComboAM5 1.1.0.2
AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics	Unaffected: RenoirPI-FP6 1.0.0.D
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics	Unaffected: Cezanne-FP6 1.0.1.0
AMD	AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics	Unaffected: Rembrandt-FP7 1.0.0.A
AMD	AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics	Unaffected: Rembrandt-FP7 1.0.0.A
AMD	AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics	Unaffected: PhoenixPI-FP8-FP7 1.1.0.2
AMD	AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics	Unaffected: PhoenixPI-FP8-FP7 1.1.0.2
AMD	AMD Ryzen™ 7000 Series Mobile Processors	Unaffected: DragonRangeFL1PI 1.0.0.3C
AMD	AMD Ryzen™ Embedded 7000	Unaffected: EmbeddedAM5PI 1.0.0.1
AMD	AMD Ryzen™ Embedded V2000	Unaffected: EmbeddedPI-FP6 1.0.0.9
AMD	AMD Ryzen™ Embedded V3000	Unaffected: Embedded-PI FP7r2 1.0.0.9

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-31331",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-12T15:36:16.631696Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T15:36:21.957Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.CA"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5 1.1.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.CA"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 8000 Series Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5 1.1.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RenoirPI-FP6 1.0.0.D"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Cezanne-FP6 1.0.1.0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 6000 Series Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Rembrandt-FP7 1.0.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7035 Series Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Rembrandt-FP7 1.0.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PhoenixPI-FP8-FP7 1.1.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 8040 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PhoenixPI-FP8-FP7 1.1.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Mobile Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "DragonRangeFL1PI 1.0.0.3C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 7000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedAM5PI 1.0.0.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP6 1.0.0.9"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Embedded-PI FP7r2 1.0.0.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper access control in the DRTM firmware could allow a privileged attacker to perform multiple driver initializations, resulting in stack memory corruption that could potentially lead to loss of integrity or availability."
            }
          ],
          "value": "Improper access control in the DRTM firmware could allow a privileged attacker to perform multiple driver initializations, resulting in stack memory corruption that could potentially lead to loss of integrity or availability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-11T21:44:03.782Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html"
        },
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-31331",
    "datePublished": "2025-02-11T21:44:03.782Z",
    "dateReserved": "2023-04-27T15:25:41.424Z",
    "dateUpdated": "2025-02-12T15:36:21.957Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20582 (GCVE-0-2023-20582)

Vulnerability from cvelistv5 – Published: 2025-02-11 21:35 – Updated: 2025-02-12 15:56

Summary

Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N

CWE

CWE-1284 - Improper Validation of Specified Quantity in Input

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/resources/product-security…
	https://www.amd.com/en/resources/product-security…

Impacted products

Vendor

Product

Version

AMD EPYC™ 9004 Processors

Unaffected: GenoaPI 1.0.0.C
Unaffected: SEV FW1.55.36

AMD EPYC™ Embedded 9004

Unaffected: EmbGenoaPI-SP5 1.0.0.7

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20582",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-12T15:56:12.794718Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T15:56:22.786Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9004 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "GenoaPI 1.0.0.C"
            },
            {
              "status": "unaffected",
              "version": "SEV FW1.55.36"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 9004",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbGenoaPI-SP5 1.0.0.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity."
            }
          ],
          "value": "Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-11T21:35:15.949Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"
        },
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20582",
    "datePublished": "2025-02-11T21:35:15.949Z",
    "dateReserved": "2022-10-27T18:53:39.758Z",
    "dateUpdated": "2025-02-12T15:56:22.786Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20581 (GCVE-0-2023-20581)

Vulnerability from cvelistv5 – Published: 2025-02-11 21:26 – Updated: 2025-02-12 15:34

Summary

Improper access control in the IOMMU may allow a privileged attacker to bypass RMP checks, potentially leading to a loss of guest memory integrity.

Severity ?

2.5 (Low)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N

CWE

CWE-1284 - Improper Validation of Specified Quantity in Input

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/resources/product-security…
	https://www.amd.com/en/resources/product-security…

Impacted products

Vendor

Product

Version

AMD EPYC™ 9004 Processors

Unaffected: GenoaPI 1.0.0.C
Unaffected: SEV FW1.55.36

AMD EPYC™ Embedded 9004

Unaffected: EmbGenoaPI-SP5 1.0.0.7

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20581",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-12T15:03:14.654952Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T15:34:49.273Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9004 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "GenoaPI 1.0.0.C"
            },
            {
              "status": "unaffected",
              "version": "SEV FW1.55.36"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 9004",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbGenoaPI-SP5 1.0.0.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper access control in the IOMMU may allow a privileged attacker to bypass RMP checks, potentially leading to a loss of guest memory integrity."
            }
          ],
          "value": "Improper access control in the IOMMU may allow a privileged attacker to bypass RMP checks, potentially leading to a loss of guest memory integrity."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-11T21:35:31.536Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"
        },
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20581",
    "datePublished": "2025-02-11T21:26:11.128Z",
    "dateReserved": "2022-10-27T18:53:39.758Z",
    "dateUpdated": "2025-02-12T15:34:49.273Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20515 (GCVE-0-2023-20515)

Vulnerability from cvelistv5 – Published: 2025-02-11 21:16 – Updated: 2025-02-12 15:35

Summary

Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integrity, confidentiality, or availability.

Severity ?

5.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

CWE

CWE-1284 - Improper Validation of Specified Quantity in Input

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/resources/product-security…
	https://www.amd.com/en/resources/product-security…

Impacted products

Vendor

Product

Version

AMD Ryzen™ 3000 Series Desktop Processors

Unaffected: ComboAM4v2PI 1.2.0.CA

AMD	AMD Ryzen™ 5000 Series Desktop Processors	Unaffected: ComboAM4v2PI 1.2.0.CA
AMD	AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics	Unaffected: ComboAM4v2PI 1.2.0.CA
AMD	AMD Ryzen™ 7000 Series Desktop Processors	Unaffected: ComboAM5 1.0.8.0
AMD	AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics	Unaffected: ComboAM4v2PI 1.2.0.CA Unaffected: ComboAM4PI 1.0.0.B
AMD	AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics	Unaffected: ComboAM4v2PI 1.2.0.CA
AMD	AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics	Unaffected: ComboAM5 1.0.8.0
AMD	AMD Ryzen™ Threadripper™ 3000 Series Processors	Unaffected: CastlePeakPI-SP3r3 1.0.0.C
AMD	AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors	Unaffected: CastlePeakWSPI-sWRX8 1.0.0.E Unaffected: ChagallWSPI-sWRX8 1.0.0.9
AMD	AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors	Unaffected: ChagallWSPI-sWRX8 1.0.0.7
AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics	Unaffected: Pollock-FT5 1.0.0.7
AMD	AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics	Unaffected: Picasso-FP5 1.0.1.1
AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics	Unaffected: RenoirPI-FP6 1.0.0.D
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics	Unaffected: Cezanne-FP6 1.0.1.0
AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics	Unaffected: MendocinoPI-FT6 1.0.0.6
AMD	AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics	Unaffected: RembrandtPI-FP7 1.0.0.9b
AMD	AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics	Unaffected: RembrandtPI-FP7 1.0.0.9b
AMD	AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics	Unaffected: PhoenixPI-FP8-FP7 1.0.8.0
AMD	AMD Ryzen™ 7000 Series Mobile Processors	Unaffected: DragonRangeFL1PI 1.0.0.3b
AMD	AMD Ryzen™ Embedded R1000	Unaffected: EmbeddedPI-FP5 1.2.0.C
AMD	AMD Ryzen™ Embedded R2000	Unaffected: EmbeddedR2KPI-FP5 1.0.0.3
AMD	AMD Ryzen™ Embedded 5000	Unaffected: EmbAM4PI 1.0.0.5
AMD	AMD Ryzen™ Embedded 7000	Unaffected: EmbeddedAM5PI 1.0.0.0
AMD	AMD Ryzen™ Embedded V2000	Unaffected: EmbeddedPI-FP6 1.0.0.9
AMD	AMD Ryzen™ Embedded V1000	Affected: No Fix Planned
AMD	AMD Ryzen™ Embedded V3000	Unaffected: Embedded-PIFP7r2 1.0.0.8

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20515",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-12T14:03:56.637259Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T15:35:01.957Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.CA"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.CA"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.CA"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5 1.0.8.0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.CA"
            },
            {
              "status": "unaffected",
              "version": "ComboAM4PI 1.0.0.B"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.CA"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 8000 Series Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5 1.0.8.0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CastlePeakPI-SP3r3 1.0.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CastlePeakWSPI-sWRX8  1.0.0.E"
            },
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8 1.0.0.9"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX- Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8 1.0.0.7"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Pollock-FT5 1.0.0.7"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Picasso-FP5 1.0.1.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RenoirPI-FP6 1.0.0.D"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Cezanne-FP6 1.0.1.0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MendocinoPI-FT6 1.0.0.6"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 6000 Series Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.9b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7035 Series Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.9b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PhoenixPI-FP8-FP7 1.0.8.0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Mobile Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "DragonRangeFL1PI 1.0.0.3b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP5 1.2.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedR2KPI-FP5 1.0.0.3"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 5000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbAM4PI 1.0.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 7000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedAM5PI 1.0.0.0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP6 1.0.0.9"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "No Fix Planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Embedded-PIFP7r2 1.0.0.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integrity, confidentiality, or availability."
            }
          ],
          "value": "Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integrity, confidentiality, or availability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-11T21:16:29.016Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"
        },
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20515",
    "datePublished": "2025-02-11T21:16:29.016Z",
    "dateReserved": "2022-10-27T18:53:39.736Z",
    "dateUpdated": "2025-02-12T15:35:01.957Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-31345 (GCVE-0-2023-31345)

Vulnerability from cvelistv5 – Published: 2025-02-11 23:49 – Updated: 2025-09-23 21:25

Summary

Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-1274 - Improper Access Control for Volatile Memory Containing Boot Code

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/resources/product-security…
	https://www.amd.com/en/resources/product-security…
	https://www.amd.com/en/resources/product-security…

Impacted products

Vendor

Product

Version

Affected: MilanPI 1.0.0.C

AMD	AMD EPYC™ 9004 Processors	Unaffected: GenoaPI 1.0.0.B
AMD	AMD Instinct™ MI300A	Unaffected: MI300API 1.0.0.5
AMD	AMD Ryzen™ 3000 Series Desktop Processors	Unaffected: ComboAM4v2PI 1.2.0.C
AMD	AMD Ryzen™ 5000 Series Desktop Processors	Unaffected: ComboAM4v2PI 1.2.0.C
AMD	AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics	Unaffected: ComboAM4v2PI 1.2.0.C
AMD	AMD Ryzen™ 7000 Series Desktop Processors	Unaffected: ComboAM5 1.1.0.2
AMD	AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics	Unaffected: ComboAM4v2PI 1.2.0.C
AMD	AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics	Unaffected: ComboAM5 1.1.0.2
AMD	AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors	Unaffected: ChagallWSPI-sWRX8 1.0.0.7
AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics	Unaffected: "Pollock-FT5 1.0.0.7"
AMD	AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics	Unaffected: "Picasso-FP5 1.0.1.1"
AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics	Unaffected: "RenoirPI-FP6 1.0.0.D"
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics	Unaffected: "Cezanne-FP6 1.0.1.0"
AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics	Unaffected: "MendocinoPI-FT6 1.0.0.6"
AMD	AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics	Unaffected: "Rembrandt-FP7 1.0.0.A"
AMD	AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics	Unaffected: "Rembrandt-FP7 1.0.0.A"
AMD	AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics	Unaffected: "PhoenixPI-FP8-FP7 1.1.0.2"
AMD	AMD Ryzen™ 7000 Series Mobile Processors	Unaffected: "DragonRangeFL1PI 1.0.0.3C"
AMD	AMD EPYC™ Embedded 7003	Unaffected: "EmbMilanPI-SP3 1.0.0.8"
AMD	AMD EPYC™ Embedded 9004	Unaffected: EmbGenoaPI-SP5 1.0.0.6
AMD	AMD Ryzen™ Embedded 5000	Unaffected: "EmbAM4PI 1.0.0.5"
AMD	AMD Ryzen™ Embedded 7000	Unaffected: EmbeddedAM5PI 1.0.0.1
AMD	AMD Ryzen™ Embedded V2000	Unaffected: "EmbeddedPI-FP6 1.0.0.9"
AMD	AMD Ryzen™ Embedded V3000	Unaffected: "Embedded-PI FP7r2 1.0.0.9"

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-31345",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-24T03:55:31.019Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7003 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "MilanPI 1.0.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9004 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "GenoaPI 1.0.0.B"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Instinct\u2122 MI300A",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MI300API 1.0.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5 1.1.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 8000 Series Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5 1.1.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX- Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8 1.0.0.7"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "\"Pollock-FT5 1.0.0.7\""
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "\"Picasso-FP5 1.0.1.1\""
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "\"RenoirPI-FP6 1.0.0.D\""
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "\"Cezanne-FP6 1.0.1.0\""
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "\"MendocinoPI-FT6 1.0.0.6\""
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 6000 Series Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "\"Rembrandt-FP7 1.0.0.A\""
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7035 Series Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "\"Rembrandt-FP7 1.0.0.A\""
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "\"PhoenixPI-FP8-FP7 1.1.0.2\""
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Mobile Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "\"DragonRangeFL1PI 1.0.0.3C\""
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7003",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "\"EmbMilanPI-SP3  1.0.0.8\""
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 9004",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbGenoaPI-SP5 1.0.0.6"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 5000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "\"EmbAM4PI 1.0.0.5\""
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 7000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedAM5PI 1.0.0.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "\"EmbeddedPI-FP6 1.0.0.9\""
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "\"Embedded-PI FP7r2 1.0.0.9\""
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution."
            }
          ],
          "value": "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1274",
              "description": "CWE-1274 Improper Access Control for Volatile Memory Containing Boot Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-23T21:25:15.000Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"
        },
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html"
        },
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-31345",
    "datePublished": "2025-02-11T23:49:05.388Z",
    "dateReserved": "2023-04-27T15:25:41.427Z",
    "dateUpdated": "2025-09-23T21:25:15.000Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-31352 (GCVE-0-2023-31352)

Vulnerability from cvelistv5 – Published: 2025-02-11 22:44 – Updated: 2025-02-12 15:34

Summary

A bug in the SEV firmware may allow an attacker with privileges to read unencrypted memory, potentially resulting in loss of guest private data.

Severity ?

6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/resources/product-security…
	https://www.amd.com/en/resources/product-security…

Impacted products

Vendor

Product

Version

AMD EPYC™ 9004 Processors

Unaffected: GenoaPI 1.0.0.C
Unaffected: SEV FW1.55.36

AMD EPYC™ Embedded 9004

Unaffected: EmbGenoaPI-SP5 1.0.0.7

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-31352",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-12T15:34:35.335247Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T15:34:40.236Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9004 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "GenoaPI 1.0.0.C"
            },
            {
              "status": "unaffected",
              "version": "SEV FW1.55.36"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 9004",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbGenoaPI-SP5 1.0.0.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A bug in the SEV firmware may allow an attacker with privileges to read unencrypted memory, potentially resulting in loss of guest private data."
            }
          ],
          "value": "A bug in the SEV firmware may allow an attacker with privileges to read unencrypted memory, potentially resulting in loss of guest private data."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-11T23:34:42.830Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"
        },
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-31352",
    "datePublished": "2025-02-11T22:44:28.001Z",
    "dateReserved": "2023-04-27T15:25:41.427Z",
    "dateUpdated": "2025-02-12T15:34:40.236Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-31343 (GCVE-0-2023-31343)

Vulnerability from cvelistv5 – Published: 2025-02-11 22:35 – Updated: 2025-09-23 21:39

Summary

Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-1220 - Insufficient Granularity of Access Control

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/resources/product-security…
	https://www.amd.com/en/resources/product-security…
	https://www.amd.com/en/resources/product-security…

Impacted products

Vendor

Product

Version

Unaffected: MilanPI 1.0.0.C

AMD	AMD EPYC™ 9004 Processors	Unaffected: GenoaPI 1.0.0.B
AMD	AMD Instinct™ MI300A	Unaffected: MI300API 1.0.0.5
AMD	AMD Ryzen™ 3000 Series Desktop Processors	Unaffected: ComboAM4v2PI 1.2.0.C
AMD	AMD Ryzen™ 5000 Series Desktop Processors	Unaffected: ComboAM4v2PI 1.2.0.C
AMD	AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics	Unaffected: ComboAM4v2PI 1.2.0.C
AMD	AMD Ryzen™ 7000 Series Desktop Processors	Unaffected: ComboAM5 1.1.0.2
AMD	AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics	Unaffected: ComboAM4v2PI 1.2.0.C
AMD	AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics	Unaffected: ComboAM4v2PI 1.2.0.C
AMD	AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics	Unaffected: ComboAM5 1.1.0.2
AMD	AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors	Unaffected: ChagallWSPI-sWRX8 1.0.0.7
AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics	Unaffected: "Pollock-FT5 1.0.0.7"
AMD	AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics	Unaffected: "Picasso-FP5 1.0.1.1"
AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics	Unaffected: "RenoirPI-FP6 1.0.0.D"
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics	Unaffected: "Cezanne-FP6 1.0.1.0"
AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics	Unaffected: "MendocinoPI-FT6 1.0.0.6"
AMD	AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics	Unaffected: "Rembrandt-FP7 1.0.0.A"
AMD	AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics	Unaffected: "Rembrandt-FP7 1.0.0.A"
AMD	AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics	Unaffected: "PhoenixPI-FP8-FP7 1.1.0.2"
AMD	AMD Ryzen™ 7000 Series Mobile Processors	Unaffected: "DragonRangeFL1PI 1.0.0.3C"
AMD	AMD EPYC™ Embedded 7003	Unaffected: "EmbMilanPI-SP3 1.0.0.8"
AMD	AMD EPYC™ Embedded 9004	Unaffected: EmbGenoaPI-SP5 1.0.0.6
AMD	AMD Ryzen™ Embedded R1000	Unaffected: "EmbeddedPI-FP5 1.2.0.C"
AMD	AMD Ryzen™ Embedded R2000	Affected: "EmbeddedR2KPI-FP5 1.0.0.3"
AMD	AMD Ryzen™ Embedded 5000	Unaffected: "EmbAM4PI 1.0.0.5"
AMD	AMD Ryzen™ Embedded 7000	Unaffected: EmbeddedAM5PI 1.0.0.1
AMD	AMD Ryzen™ Embedded V2000	Unaffected: "EmbeddedPI-FP6 1.0.0.9"
AMD	AMD Ryzen™ Embedded V3000	Unaffected: "Embedded-PI FP7r2 1.0.0.9"

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-31343",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-12T15:34:57.941103Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T15:35:05.712Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7003 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MilanPI 1.0.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9004 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "GenoaPI 1.0.0.B"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Instinct\u2122 MI300A",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MI300API 1.0.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5 1.1.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 8000 Series Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5 1.1.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX- Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8 1.0.0.7"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "\"Pollock-FT5 1.0.0.7\""
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "\"Picasso-FP5 1.0.1.1\""
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "\"RenoirPI-FP6 1.0.0.D\""
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "\"Cezanne-FP6 1.0.1.0\""
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "\"MendocinoPI-FT6 1.0.0.6\""
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 6000 Series Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "\"Rembrandt-FP7 1.0.0.A\""
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7035 Series Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "\"Rembrandt-FP7 1.0.0.A\""
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "\"PhoenixPI-FP8-FP7 1.1.0.2\""
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Mobile Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "\"DragonRangeFL1PI 1.0.0.3C\""
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7003",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "\"EmbMilanPI-SP3  1.0.0.8\""
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD EPYC\u2122 Embedded 9004",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbGenoaPI-SP5 1.0.0.6"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded R1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "\"EmbeddedPI-FP5 1.2.0.C\""
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "\"EmbeddedR2KPI-FP5 1.0.0.3\""
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 5000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "\"EmbAM4PI 1.0.0.5\""
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 7000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedAM5PI 1.0.0.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "\"EmbeddedPI-FP6 1.0.0.9\""
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "\"Embedded-PI FP7r2 1.0.0.9\""
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.\u003cbr\u003e"
            }
          ],
          "value": "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1220",
              "description": "CWE-1220  Insufficient Granularity of Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-23T21:39:19.127Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"
        },
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html"
        },
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-31343",
    "datePublished": "2025-02-11T22:35:04.110Z",
    "dateReserved": "2023-04-27T15:25:41.426Z",
    "dateUpdated": "2025-09-23T21:39:19.127Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-31342 (GCVE-0-2023-31342)

Vulnerability from cvelistv5 – Published: 2025-02-11 22:24 – Updated: 2025-09-23 21:23

Summary

Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-1220 - Insufficient Granularity of Access Control

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/resources/product-security…
	https://www.amd.com/en/resources/product-security…
	https://www.amd.com/en/resources/product-security…

Impacted products

Vendor

Product

Version

Unaffected: MilanPI 1.0.0.C

AMD	AMD EPYC™ 9004 Processors	Unaffected: GenoaPI 1.0.0.B
AMD	AMD Instinct™ MI300A	Unaffected: MI300API 1.0.0.5
AMD	AMD Ryzen™ 3000 Series Desktop Processors	Unaffected: ComboAM4v2PI 1.2.0.C
AMD	AMD Ryzen™ 5000 Series Desktop Processors	Unaffected: ComboAM4v2PI 1.2.0.C
AMD	AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics	Unaffected: ComboAM4v2PI 1.2.0.C
AMD	AMD Ryzen™ 7000 Series Desktop Processors	Unaffected: ComboAM5 1.1.0.2
AMD	AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics	Unaffected: ComboAM4v2PI 1.2.0.C
AMD	AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics	Unaffected: ComboAM4v2PI 1.2.0.C
AMD	AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics	Unaffected: ComboAM5 1.1.0.2
AMD	AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors	Unaffected: ChagallWSPI-sWRX8 1.0.0.7
AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics	Unaffected: Pollock-FT5 1.0.0.7
AMD	AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics	Unaffected: Picasso-FP5 1.0.1.1
AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics	Unaffected: RenoirPI-FP6 1.0.0.D
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics	Unaffected: Cezanne-FP6 1.0.1.0
AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics	Unaffected: MendocinoPI-FT6 1.0.0.6
AMD	AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics	Unaffected: Rembrandt-FP7 1.0.0.A
AMD	AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics	Unaffected: Rembrandt-FP7 1.0.0.A
AMD	AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics	Unaffected: PhoenixPI-FP8-FP7 1.1.0.2
AMD	AMD Ryzen™ 7000 Series Mobile Processors	Unaffected: DragonRangeFL1PI 1.0.0.3C
AMD	AMD EPYC™ Embedded 7003	Unaffected: EmbMilanPI-SP3 1.0.0.8
AMD	AMD EPYC™ Embedded 9004	Unaffected: EmbGenoaPI-SP5 1.0.0.6
AMD	AMD Ryzen™ Embedded R1000	Unaffected: EmbeddedPI-FP5 1.2.0.C
AMD	AMD Ryzen™ Embedded R2000	Unaffected: EmbeddedR2KPI-FP5 1.0.0.3
AMD	AMD Ryzen™ Embedded 5000	Unaffected: EmbAM4PI 1.0.0.5
AMD	AMD Ryzen™ Embedded 7000	Unaffected: EmbeddedAM5PI 1.0.0.1
AMD	AMD Ryzen™ Embedded V2000	Unaffected: EmbeddedPI-FP6 1.0.0.9
AMD	AMD Ryzen™ Embedded V3000	Unaffected: Embedded-PI FP7r2 1.0.0.9

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-31342",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-24T03:55:32.361Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7003 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MilanPI 1.0.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9004 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "GenoaPI 1.0.0.B"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Instinct\u2122 MI300A",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MI300API 1.0.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5 1.1.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 8000 Series Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5 1.1.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX- Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8 1.0.0.7"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Pollock-FT5 1.0.0.7"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Picasso-FP5 1.0.1.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RenoirPI-FP6 1.0.0.D"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Cezanne-FP6 1.0.1.0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MendocinoPI-FT6 1.0.0.6"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 6000 Series Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Rembrandt-FP7 1.0.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7035 Series Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Rembrandt-FP7 1.0.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PhoenixPI-FP8-FP7 1.1.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Mobile Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "DragonRangeFL1PI 1.0.0.3C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7003",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbMilanPI-SP3  1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 9004",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbGenoaPI-SP5 1.0.0.6"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP5 1.2.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedR2KPI-FP5 1.0.0.3"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 5000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbAM4PI 1.0.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 7000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedAM5PI 1.0.0.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP6 1.0.0.9"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Embedded-PI FP7r2 1.0.0.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution."
            }
          ],
          "value": "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1220",
              "description": "CWE-1220 Insufficient Granularity of Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-23T21:23:17.849Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"
        },
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html"
        },
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-31342",
    "datePublished": "2025-02-11T22:24:02.153Z",
    "dateReserved": "2023-04-27T15:25:41.425Z",
    "dateUpdated": "2025-09-23T21:23:17.849Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-31356 (GCVE-0-2023-31356)

Vulnerability from cvelistv5 – Published: 2024-08-13 16:54 – Updated: 2025-02-11 22:48

Summary

Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity.

Severity ?

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-459 - Incomplete Cleanup

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/resources/product-security…	vendor-advisory
	https://www.amd.com/en/resources/product-security…

Impacted products

Vendor

Product

Version

Unaffected: MilanPI 1.0.0.C (PI)

AMD	AMD EPYC™ 9004 Processors	Unaffected: GenoaPI 1.0.0.B
AMD	AMD EPYC™ Embedded 7003	Unaffected: "EmbMilanPI-SP3 1.0.0.8"
AMD	AMD EPYC™ Embedded 9004	Unaffected: EmbGenoaPI-SP5 1.0.0.6

Show details on NVD website

https://www.amd.com/en/resources/product-security…

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-31356",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T15:46:30.501050Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-459",
                "description": "CWE-459 Incomplete Cleanup",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T18:53:56.973Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7003 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MilanPI 1.0.0.C",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9004 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "GenoaPI 1.0.0.B"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7003",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "\"EmbMilanPI-SP3  1.0.0.8\""
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 9004",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbGenoaPI-SP5 1.0.0.6"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIncomplete system memory cleanup in SEV firmware could\nallow a privileged attacker to corrupt guest private memory, potentially\nresulting in a loss of data integrity.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
            }
          ],
          "value": "Incomplete system memory cleanup in SEV firmware could\nallow a privileged attacker to corrupt guest private memory, potentially\nresulting in a loss of data integrity."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-459",
              "description": "CWE-459 Incomplete Cleanup",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-11T22:48:16.160Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
        },
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-31356",
    "datePublished": "2024-08-13T16:54:23.979Z",
    "dateReserved": "2023-04-27T15:25:41.428Z",
    "dateUpdated": "2025-02-11T22:48:16.160Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-21925 (GCVE-0-2024-21925)

Vulnerability from cvelistv5 – Published: 2025-02-11 20:39 – Updated: 2025-06-27 21:55

Summary

Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution.

Severity ?

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-20 - Improper Input Validation

Assigner

AMD

References

URL

Tags

Impacted products

Vendor

Product

Version

AMD EPYC™ 7001 Processors

Unaffected: Naples PI 1.0.0.N

AMD	AMD EPYC™ 7002 Processors	Unaffected: Rome PI 1.0.0.K
AMD	AMD EPYC™ 9004 Processors	Unaffected: Genoa PI 1.0.0.D
AMD	AMD EPYC™ 7003 Processors	Unaffected: Milan PI 1.0.0.E
AMD	AMD Ryzen™ 3000 Series Desktop Processors	Unaffected: ComboAM4PI 1.0.0.C Unaffected: ComboAM4v2PI 1.2.0.D
AMD	AMD Ryzen™ 5000 Series Desktop Processors	Unaffected: ComboAM4v2PI 1.2.0.D
AMD	AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics	Unaffected: ComboAM4v2PI 1.2.0.D
AMD	AMD Ryzen™ 7000 Series Desktop Processors	Unaffected: ComboAM5PI 1.2.0.2b Unaffected: ComboAM5PI 1.1.0.3b Unaffected: ComboAM5PI 1.0.0.a
AMD	AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics	Unaffected: ComboAM4PI 1.0.0.C Unaffected: ComboAM4v2PI 1.2.0.D
AMD	AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics	Unaffected: ComboAM4v2PI 1.2.0.D
AMD	AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics	Unaffected: ComboAM5PI 1.2.0.2b Unaffected: ComboAM5PI 1.1.0.3b
AMD	AMD Ryzen™ Threadripper™ 3000 Series Processors	Unaffected: CastlePeakPI-SP3r3 1.0.0.D
AMD	AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors	Unaffected: CastlePeakWSPI-sWRX8 1.0.0.F Unaffected: ChagallWSPI-sWRX8 1.0.0.9
AMD	AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors	Unaffected: ChagallWSPI-sWRX8 1.0.0.9
AMD	AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors	Unaffected: StormPeakPI-SP6 1.1.0.0h Unaffected: StormPeakPI-SP6 1.0.0.1j
AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics	Unaffected: PicassoPI-FP5 1.0.1.2a Unaffected: PollockPI-FT5 1.0.0.8a
AMD	AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics	Unaffected: PicassoPI-FP5 1.0.1.2a
AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics	Unaffected: RenoirPI-FP6 1.0.0.Ea
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics	Unaffected: CezannePI-FP6 1.0.1.1a
AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics	Unaffected: MendocinoPI-FT6 1.0.0.7a
AMD	AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics	Unaffected: RembrandtPI-FP7 1.0.0.Ba
AMD	AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics	Unaffected: RembrandtPI-FP7 1.0.0.Ba
AMD	AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics	Unaffected: PhoenixPI-FP8-FP7 1.1.8.0
AMD	AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics	Unaffected: PhoenixPI-FP8-FP7 1.1.8.0
AMD	AMD Ryzen™ 7000 Series Mobile Processors	Unaffected: DragonRangeFL1PI 1.0.0.3f
AMD	AMD EPYC™ Embedded 3000	Unaffected: SnowyOwlPI 1.1.0.E
AMD	AMD EPYC™ Embedded 7002	Unaffected: EmbRomePI-SP3 1.0.0.D
AMD	AMD EPYC™ Embedded 7003	Unaffected: EmbMilanPI-SP3 1.0.0.A
AMD	AMD EPYC™ Embedded 9004	Unaffected: EmbGenoaPI 1.0.0.9
AMD	AMD Ryzen™ Embedded 5000	Unaffected: EmbAM4PI 1.0.0.7
AMD	AMD Ryzen™ Embedded 7000	Unaffected: EmbeddedV2KAPI-FP6 1.0.0.7
AMD	AMD Ryzen™ Embedded V2000	Unaffected: EmbeddedPI-FP6 1.0.0.B
AMD	AMD Ryzen™ Embedded V3000	Unaffected: EmbeddedPI_FP7R2 1.0.0.C
AMD	AMD Ryzen™ Embedded 8000	Unaffected: EmbeddedPhoenixPI-FP7r2_1.2.0.0
AMD	AMD Ryzen™ Embedded R1000	Unaffected: EmbeddedPI-FP5 1.2.0.F
AMD	AMD Ryzen™ Embedded R2000	Unaffected: EmbeddedR2KPIFP5 1.0.0.5
AMD	AMD Ryzen™ Embedded V1000	Unaffected: EmbeddedPI-FP5 1.2.0.F

Show details on NVD website