Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amdAmd.comAMD-SB-4001
HistoryMay 09, 2023 - 12:00 a.m.

Client Vulnerabilities – May 2023

2023-05-0900:00:00
amd.com
www.amd.com
13

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

47.6%

JSON

**Bulletin ID:**AMD-SB-4001 **Potential Impact:**Varies by CVE, see descriptions below **Severity:**Varies by CVE, see descriptions below

Summary

Potential vulnerabilities in AMD Secure Processor (ASP), AMD System Management Unit (SMU), and other platform components were discovered, and mitigations are being provided in AGESA™ PI software packages.

Affected Products

AMD Athlon™ Processors, Ryzen™ Processors, Threadripper™ Processors

CVE Details

Refer to Glossary for explanation of terms

CVE Severity CVE Description
CVE-2020-12930 High Improper parameters handling in AMD Platform Security Processor (PSP) drivers may allow a privileged attacker to elevate their privileges.
CVE-2020-12931 High Improper parameters handling in the AMD Platform Security Processor (PSP) kernel may allow a privileged attacker to elevate their privileges
CVE-2021-26354 Medium__ Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity.__
CVE-2021-26371 Medium A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure.
CVE-2021-26391 Medium Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel.
CVE-2021-26392 Medium Insufficient verification of missing size check in ‘LoadModule’ may lead to an out-of-bounds write allowing an attacker with privileges to gain code execution of the secure OS/kernel by loading a malicious TA.
CVE-2021-46760 Medium A malicious or compromised UApp or ABL can send a malformed system call to the bootloader, which may result in an out-of-bounds memory access that may potentially lead to an attacker leaking sensitive information or achieving code execution.
CVE-2021-46773 Medium Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code execution.
CVE-2021-46756 Medium Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity.
CVE-2021-46753 Medium Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and integrity.
CVE-2021-46754 Medium Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit) resulting in a potential loss of confidentiality and integrity.
CVE-2021-26365 Medium Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory contents.
CVE-2021-26356 Medium A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure.
CVE-2021-26393 Medium Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker-controlled data resulting in a loss of confidentiality.
CVE-2021-26406 Medium Insufficient validation in parsing Owner’s Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application can lead to a host crash potentially resulting in denial of service.
CVE-2021-46749 Medium Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service.
CVE-2021-46755 Medium Failure to unmap certain SysHub mappings in error paths of the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a potential denial of service.
CVE-2021-46792 Medium Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service.
CVE-2021-46794 Medium Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service.
CVE-2021-46765 Low Insufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-bounds memory reads within the ASP, potentially leading to a denial of service.
CVE-2021-46759 Low Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of the ASP (AMD Secure Processor) bootloader accessible memory to a serial port, resulting in a potential loss of integrity.

Mitigation

The AGESA™ versions listed below have been released to the Original Equipment Manufacturers (OEM) to help mitigate these issues. Please refer to your OEM for the BIOS update specific to your product.

DESKTOP

CVE|AMD Ryzen™ 2000 Series Desktop Processors
“Raven Ridge” AM4|AMD Ryzen™ 2000 Series Desktop Processors
“Pinnacle Ridge”|AMD Ryzen™ 3000 Series Desktop Processors
“Matisse” AM4|AMD Ryzen™ 5000 Series Desktop Processors
“Vermeer” AM4|AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
“Cezanne” AM4
—|—|—|—|—|—
Minimum version to mitigate all listed CVEs|Raven-FP5-AM4 1.1.0.F PinnaclePI-AM4 1.0.0.D ComboAM4PI 1.0.0.9 ComboAM4v2 PI 1.2.0.8|**PinnaclePI-AM4 1.0.0.C
ComboAM4PI 1.0.0.8
ComboAM4v2 PI 1.2.0.4
**|ComboAM4PI 1.0.0.9 ComboAM4 V2 PI 1.2.0.8|ComboAM4 V2 PI 1.2.0.8|**ComboAM4v2 PI 1.2.0.8
**
CVE-2020-12930| Raven-FP5-AM4 1.1.0.F PinnaclePI-AM4 1.0.0.D ComboAM4PI 1.0.0.9 ComboAM4v2 PI 1.2.0.8| N/A| ComboAM4PI 1.0.0.9
ComboAM4 V2 PI 1.2.0.8| ComboAM4 V2 PI 1.2.0.8| ComboAM4v2 PI 1.2.0.4
CVE-2020-12931| Raven-FP5-AM4 1.1.0.F PinnaclePI-AM4 1.0.0.D ComboAM4PI 1.0.0.9 ComboAM4v2 PI 1.2.0.8| N/A| ComboAM4PI 1.0.0.8
ComboAM4 V2 PI 1.2.0.6| ComboAM4 V2 PI 1.2.0.6| ComboAM4v2 PI 1.2.0.4
CVE-2021-26354| Raven-FP5-AM4 1.1.0.E PinnaclePI-AM4 1.0.0.C ComboAM4PI 1.0.0.8 ComboAM4v2 PI 1.2.0.6C| PinnaclePI-AM4 1.0.0.C ComboAM4PI 1.0.0.8 ComboAM4 V2 PI 1.2.0.6| ComboAM4PI 1.0.0.8
ComboAM4 V2 PI 1.2.0.6| ComboAM4 V2 PI 1.2.0.6| ComboAM4v2 PI 1.2.0.5
CVE-2021-26356| N/A| N/A| ComboAM4 V2 PI 1.2.0.6
ComboAM4PI 1.0.0.8| ComboAM4 V2 PI 1.2.0.6| N/A
CVE-2021-26365| Raven-FP5-AM4 1.1.0.E PinnaclePI-AM4 1.0.0.C ComboAM4PI 1.0.0.8 ComboAM4v2 PI 1.2.0.6C| N/A| N/A| N/A| ComboAM4v2 PI 1.2.0.5
CVE-2021-26371| Raven-FP5-AM4 1.1.0.E PinnaclePI-AM4 1.0.0.C ComboAM4PI 1.0.0.8 ComboAM4v2 PI 1.2.0.6C| N/A| ComboAM4PI 1.0.0.8
ComboAM4 V2 PI 1.2.0.6| ComboAM4 V2 PI 1.2.0.6| N/A
CVE-2021-26391| N/A| N/A| N/A| N/A| ComboAM4v2 PI 1.2.0.5
CVE-2021-26392| Raven-FP5-AM4 1.1.0.F PinnaclePI-AM4 1.0.0.D ComboAM4PI 1.0.0.9 ComboAM4v2 PI 1.2.0.8| N/A| ComboAM4PI 1.0.0.9
ComboAM4 V2 PI 1.2.0.8| ComboAM4 V2 PI 1.2.0.8| ComboAM4v2 PI 1.2.0.6
CVE-2021-26393| Raven-FP5-AM4 1.1.0.E PinnaclePI-AM4 1.0.0.C ComboAM4PI 1.0.0.8 ComboAM4v2 PI 1.2.0.6C| N/A| N/A| N/A| ComboAM4v2 PI 1.2.0.6
CVE-2021-26406| Raven-FP5-AM4 1.1.0.E PinnaclePI-AM4 1.0.0.C ComboAM4PI 1.0.0.8 ComboAM4v2 PI 1.2.0.6C| PinnaclePI-AM4 1.0.0.C ComboAM4PI 1.0.0.8 ComboAM4 V2 PI 1.2.0.6| ComboAM4 V2 PI 1.2.0.6
ComboAM4PI 1.0.0.8| ComboAM4 V2 PI 1.2.0.6
(2022-01-07)| N/A
CVE-2021-46749| Raven-FP5-AM4 1.1.0.F PinnaclePI-AM4 1.0.0.D ComboAM4PI 1.0.0.9 ComboAM4v2 PI 1.2.0.8| N/A| ComboAM4PI 1.0.0.9
ComboAM4 V2 PI 1.2.0.8| ComboAM4 V2 PI 1.2.0.8| ComboAM4v2 PI 1.2.0.5
CVE-2021-46753| Raven-FP5-AM4 1.1.0.F PinnaclePI-AM4 1.0.0.D ComboAM4PI 1.0.0.9 ComboAM4v2 PI 1.2.0.8| N/A| N/A| N/A| ComboAM4v2 PI 1.2.0.5
CVE-2021-46754| Raven-FP5-AM4 1.1.0.F PinnaclePI-AM4 1.0.0.D ComboAM4PI 1.0.0.9 ComboAM4v2 PI 1.2.0.8| N/A| N/A| N/A| ComboAM4v2 PI 1.2.0.5
CVE-2021-46755| N/A| N/A| ComboAM4PI 1.0.0.8
ComboAM4 V2 PI 1.2.0.6| ComboAM4 V2 PI 1.2.0.6| ComboAM4v2 PI 1.2.0.5
CVE-2021-46756| Raven-FP5-AM4 1.1.0.E PinnaclePI-AM4 1.0.0.C ComboAM4PI 1.0.0.8 ComboAM4v2 PI 1.2.0.6C| PinnaclePI-AM4 1.0.0.C ComboAM4PI 1.0.0.8 ComboAM4 V2 PI 1.2.0.6| ComboAM4PI 1.0.0.8
ComboAM4 V2 PI 1.2.0.6| ComboAM4 V2 PI 1.2.0.6| ComboAM4v2 PI 1.2.0.5
CVE-2021-46759| Raven-FP5-AM4 1.1.0.F PinnaclePI-AM4 1.0.0.D ComboAM4PI 1.0.0.9 ComboAM4v2 PI 1.2.0.8| N/A| N/A| N/A| ComboAM4v2 PI 1.2.0.5
CVE-2021-46760| N/A| N/A| N/A| N/A| N/A
CVE-2021-46765| N/A| N/A| N/A| N/A| ComboAM4v2 PI 1.2.0.8
CVE-2021-46773| Raven-FP5-AM4 1.1.0.E
PinnaclePI-AM4 1.0.0.C| PinnaclePI-AM4 1.0.0.C| ComboAM4PI 1.0.0.8
ComboAM4 V2 PI 1.2.0.6| ComboAM4 V2 PI 1.2.0.6| ComboAM4v2 PI 1.2.0.6
CVE-2021-46792| Raven-FP5-AM4 1.0.0.9
PinnaclePI-AM4 1.0.0.7| N/A| N/A| N/A| ComboAM4v2 PI 1.2.0.5
CVE-2021-46794| Raven-FP5-AM4 1.1.0.F PinnaclePI-AM4 1.0.0.D ComboAM4PI 1.0.0.9 ComboAM4v2 PI 1.2.0.8| N/A| ComboAM4PI 1.0.0.9
ComboAM4 V2 PI 1.2.0.8| ComboAM4 V2 PI 1.2.0.8| ComboAM4v2 PI 1.2.0.5

HIGH END DESKTOP

CVE|2nd Gen AMD Ryzen™ Threadripper™ Processors
“Colfax”|3rd Gen AMD Ryzen™ Threadripper™ Processors
“Castle Peak” HEDT
—|—|—
Minimum version to mitigate all listed CVEs|SummitPI-SP3r2 1.1.0.5
|CastlePeakPI-SP3r3 1.0.0.7
CVE-2020-12930| N/A| CastlePeakPI-SP3r3 1.0.0.7
CVE-2020-12931| N/A| CastlePeakPI-SP3r3 1.0.0.7
CVE-2021-26354| SummitPI-SP3r2 1.1.0.5| CastlePeakPI-SP3r3 1.0.0.7
CVE-2021-26356****| N/A| CastlePeakPI-SP3r3 1.0.0.7
CVE-2021-26365****| N/A| N/A
CVE-2021-26371****| N/A| CastlePeakPI-SP3r3 1.0.0.7
CVE-2021-26391****| N/A| N/A
CVE-2021-26392****| N/A| CastlePeakPI-SP3r3 1.0.0.7
CVE-2021-26393****| N/A| N/A
CVE-2021-26406****| SummitPI-SP3r2 1.1.0.5| CastlePeakPI-SP3r3 1.0.0.7
CVE-2021-46749****| N/A| CastlePeakPI-SP3r3 1.0.0.7
CVE-2021-46753****| N/A| N/A
CVE-2021-46754****| N/A| N/A
CVE-2021-46755****| N/A| CastlePeakPI-SP3r3 1.0.0.7
CVE-2021-46756****| SummitPI-SP3r2 1.1.0.5| CastlePeakPI-SP3r3 1.0.0.7
CVE-2021-46759****| N/A| N/A
CVE-2021-46760****| N/A| CastlePeakPI-SP3r3 1.0.0.7
CVE-2021-46765****| N/A| N/A
CVE-2021-46773****| N/A| CastlePeakPI-SP3r3 1.0.0.7
CVE-2021-46792****| N/A| N/A
CVE-2021-46794****| N/A| CastlePeakPI-SP3r3 1.0.0.7

WORKSTATION

CVE|AMD Ryzen™ Threadripper™ PRO Processors
“Castle Peak” WS|AMD Ryzen™ Threadripper™ PRO Processors
“Chagall” WS
—|—|—
Minimum version to mitigate all listed CVEs|CastlePeakWSPI-sWRX8 1.0.0.9 ChagallWSPI-sWRX8 1.0.0.2|ChagallWSPI-sWRX8 1.0.0.2
CVE-2020-12930| CastlePeakWSPI-sWRX8 1.0.0.9
ChagallWSPI-sWRX8 1.0.0.2| ChagallWSPI-sWRX8 1.0.0.2
CVE-2020-12931| CastlePeakWSPI-sWRX8 1.0.0.9
ChagallWSPI-sWRX8 1.0.0.2| ChagallWSPI-sWRX8 1.0.0.2
CVE-2021-26354****| CastlePeakWSPI-sWRX8 1.0.0.9
ChagallWSPI-sWRX8 1.0.0.2****| ChagallWSPI-sWRX8 1.0.0.0****
CVE-2021-26356****| CastlePeakWSPI-sWRX8 1.0.0.9
ChagallWSPI-sWRX8 1.0.0.2****| ChagallWSPI-sWRX8 1.0.0.1****
CVE-2021-26365****| N/A****| N/A****
CVE-2021-26371****| CastlePeakWSPI-sWRX8 1.0.0.9
ChagallWSPI-sWRX8 1.0.0.2****| ChagallWSPI-sWRX8 1.0.0.2****
CVE-2021-26391****| N/A****| N/A****
CVE-2021-26392****| CastlePeakWSPI-sWRX8 1.0.0.9
ChagallWSPI-sWRX8 1.0.0.2****| ChagallWSPI-sWRX8 1.0.0.2****
CVE-2021-26393****| N/A****| N/A****
CVE-2021-26406****| CastlePeakWSPI-sWRX8 1.0.0.9
N/A - ChagallWSPI-sWRX8****| N/A****
CVE-2021-46749****| CastlePeakWSPI-sWRX8 1.0.0.9
ChagallWSPI-sWRX8 1.0.0.2****| ChagallWSPI-sWRX8 1.0.0.2****
CVE-2021-46753****| N/A****| N/A****
CVE-2021-46754****| N/A****| N/A****
CVE-2021-46755****| CastlePeakWSPI-sWRX8 1.0.0.9
ChagallWSPI-sWRX8 1.0.0.2****| ChagallWSPI-sWRX8 1.0.0.2
CVE-2021-46756****| CastlePeakWSPI-sWRX8 1.0.0.9
ChagallWSPI-sWRX8 1.0.0.2| N/A****
CVE-2021-46759****| N/A****| N/A****
CVE-2021-46760****| CastlePeakWSPI-sWRX8 1.0.0.9
ChagallWSPI-sWRX8 1.0.0.2****| N/A****
CVE-2021-46765****| N/A****| N/A****
CVE-2021-46773****| CastlePeakWSPI-sWRX8 1.0.0.9****| ChagallWSPI-sWRX8 1.0.0.0****
CVE-2021-46792****| N/A****| N/A****
CVE-2021-46794****| CastlePeakWSPI-sWRX8 1.0.0.9
ChagallWSPI-sWRX8 1.0.0.2****| ChagallWSPI-sWRX8 1.0.0.2****

MOBILE - AMD Athlon™ Series

CVE|AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
“Dali”/”Dali” ULP|AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
“Pollock”
—|—|—
Minimum version to mitigate all listed CVEs|PicassoPI-FP5 1.0.0.E|PollockPI-FT5 1.0.0.4
CVE-2020-12930| PicassoPI-FP5 1.0.0.E| PollockPI-FT5 1.0.0.4
CVE-2020-12931| PicassoPI-FP5 1.0.0.E| PollockPI-FT5 1.0.0.4
CVE-2021-26354| PicassoPI-FP5 1.0.0.D| PollockPI-FT5 1.0.0.3
CVE-2021-26356| N/A| N/A
CVE-2021-26365| PicassoPI-FP5 1.0.0.D| PollockPI-FT5 1.0.0.3
CVE-2021-26371| PicassoPI-FP5 1.0.0.D| PollockPI-FT5 1.0.0.3
CVE-2021-26391| N/A| N/A
CVE-2021-26392| PicassoPI-FP5 1.0.0.E| PollockPI-FT5 1.0.0.4
CVE-2021-26393| PicassoPI-FP5 1.0.0.D| PollockPI-FT5 1.0.0.4
CVE-2021-26406| PicassoPI-FP5 1.0.0.D| PollockPI-FT5 1.0.0.3
CVE-2021-46749| PicassoPI-FP5 1.0.0.E| PollockPI-FT5 1.0.0.4
CVE-2021-46753| PicassoPI-FP5 1.0.0.E| PollockPI-FT5 1.0.0.4
CVE-2021-46754| PicassoPI-FP5 1.0.0.E| PollockPI-FT5 1.0.0.4
CVE-2021-46755| N/A| N/A
CVE-2021-46756| PicassoPI-FP5 1.0.0.D| PollockPI-FT5 1.0.0.3
CVE-2021-46759| PicassoPI-FP5 1.0.0.E| PollockPI-FT5 1.0.0.4
CVE-2021-46760| N/A| N/A
CVE-2021-46765| N/A| N/A
CVE-2021-46773| N/A| N/A
CVE-2021-46792| PicassoPI-FP5 1.0.0.4| N/A
CVE-2021-46794| PicassoPI-FP5 1.0.0.E| PollockPI-FT5 1.0.0.4

MOBILE - AMD Ryzen™ Series

CVE|AMD Ryzen™ 2000 Series Mobile Processors
“Raven Ridge” FP5|AMD Ryzen™ 3000 Series Mobile Processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics
“Picasso”|AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics
“Renoir” FP6|AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
“Lucienne”|AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
“Cezanne”|AMD Ryzen™ 6000 Series Mobile Processors
“Rembrandt”
—|—|—|—|—|—|—
Minimum version to mitigate all listed CVEs|Raven-FP5-AM4 1.1.0.F PinnaclePI-AM4 1.0.0.D ComboAM4PI 1.0.0.9 ComboAM4v2 PI 1.2.0.8|PicassoPI-FP5 1.0.0.E ComboAM4PI 1.0.0.9 ComboAM4v2 PI 1.2.0.8|RenoirPI-FP6 1.0.0.9 ComboAM4v2 PI 1.2.0.8|CezannePI-FP6 1.0.0.B|CezannePI-FP6 1.0.0.B|RembrandtPI-FP7_1.0.0.5
CVE-2020-12930| Raven-FP5-AM4 1.1.0.F
PinnaclePI-AM4 1.0.0.D ComboAM4PI 1.0.0.9 ComboAM4v2 PI 1.2.0.8| PicassoPI-FP5 1.0.0.E ComboAM4PI 1.0.0.9 ComboAM4v2 PI 1.2.0.8| RenoirPI-FP6 1.0.0.7
ComboAM4v2 PI 1.2.0.4| CezannePI-FP6 1.0.0.4| CezannePI-FP6 1.0.0.4| N/A
CVE-2020-12931| Raven-FP5-AM4 1.1.0.F
PinnaclePI-AM4 1.0.0.D ComboAM4PI 1.0.0.9 ComboAM4v2 PI 1.2.0.8| PicassoPI-FP5 1.0.0.E ComboAM4PI 1.0.0.9 ComboAM4v2 PI 1.2.0.8| RenoirPI-FP6 1.0.0.7
ComboAM4v2 PI 1.2.0.4| CezannePI-FP6 1.0.0.4| CezannePI-FP6 1.0.0.4| N/A
CVE-2021-26354| Raven-FP5-AM4 1.1.0.E
PinnaclePI-AM4 1.0.0.C ComboAM4PI 1.0.0.8 ComboAM4v2 PI 1.2.0.6C| PicassoPI-FP5 1.0.0.D ComboAM4PI 1.0.0.8 ComboAM4v2 PI 1.2.0.6 C| RenoirPI-FP6 1.0.0.8
ComboAM4v2 PI 1.2.0.5| CezannePI-FP6 1.0.0.8| CezannePI-FP6 1.0.0.8| N/A
CVE-2021-26356| N/A| N/A| N/A| N/A| N/A| N/A
CVE-2021-26365| Raven-FP5-AM4 1.1.0.E
PinnaclePI-AM4 1.0.0.C ComboAM4PI 1.0.0.8 ComboAM4v2 PI 1.2.0.6C| PicassoPI-FP5 1.0.0.D ComboAM4PI 1.0.0.8 ComboAM4v2 PI 1.2.0.6 C| RenoirPI-FP6 1.0.0.8
ComboAM4v2 PI 1.2.0.5| CezannePI-FP6 1.0.0.8| CezannePI-FP6 1.0.0.8| RMB 1.0.0.4
CVE-2021-26371| Raven-FP5-AM4 1.1.0.E
PinnaclePI-AM4 1.0.0.C ComboAM4PI 1.0.0.8 ComboAM4v2 PI 1.2.0.6C| PicassoPI-FP5 1.0.0.D ComboAM4PI 1.0.0.8 ComboAM4v2 PI 1.2.0.6 C| N/A| N/A| N/A| N/A
CVE-2021-26391| N/A| N/A| RenoirPI-FP6 1.0.0.7
ComboAM4v2 PI 1.2.0.5| CezannePI-FP6 1.0.0.6| CezannePI-FP6 1.0.0.6| N/A
CVE-2021-26392| Raven-FP5-AM4 1.1.0.F
PinnaclePI-AM4 1.0.0.D ComboAM4PI 1.0.0.9 ComboAM4v2 PI 1.2.0.8| PicassoPI-FP5 1.0.0.E ComboAM4PI 1.0.0.9 ComboAM4v2 PI 1.2.0.8| RenoirPI-FP6 1.0.0.8
ComboAM4v2 PI 1.2.0.5| CezannePI-FP61.0.0.9| CezannePI-FP6 1.0.0.9| N/A
CVE-2021-26393| Raven-FP5-AM4 1.1.0.E
PinnaclePI-AM4 1.0.0.C ComboAM4PI 1.0.0.8 ComboAM4v2 PI 1.2.0.6C| PicassoPI-FP5 1.0.0.D ComboAM4PI 1.0.0.8 ComboAM4v2 PI 1.2.0.6 C| RenoirPI-FP6 1.0.0.8
ComboAM4v2 PI 1.2.0.5| CezannePI-FP61.0.0.9| CezannePI-FP6 1.0.0.9| N/A
CVE-2021-26406| Raven-FP5-AM4 1.1.0.E
PinnaclePI-AM4 1.0.0.C ComboAM4PI 1.0.0.8 ComboAM4v2 PI 1.2.0.6C| PicassoPI-FP5 1.0.0.D ComboAM4PI 1.0.0.8 ComboAM4v2 PI 1.2.0.6 C| N/A| N/A| N/A| N/A
CVE-2021-46749| Raven-FP5-AM4 1.1.0.F
PinnaclePI-AM4 1.0.0.D ComboAM4PI 1.0.0.9 ComboAM4v2 PI 1.2.0.8| PicassoPI-FP5 1.0.0.E ComboAM4PI 1.0.0.9 ComboAM4v2 PI 1.2.0.8| RenoirPI-FP6 1.0.0.8
ComboAM4v2 PI 1.2.0.5| CezannePI-FP6 1.0.0.8| CezannePI-FP6 1.0.0.8| N/A
CVE-2021-46753| Raven-FP5-AM4 1.1.0.F
PinnaclePI-AM4 1.0.0.D ComboAM4PI 1.0.0.9 ComboAM4v2 PI 1.2.0.8| PicassoPI-FP5 1.0.0.E ComboAM4PI 1.0.0.9 ComboAM4v2 PI 1.2.0.8| RenoirPI-FP6 1.0.0.8
ComboAM4v2 PI 1.2.0.5| CezannePI-FP6 1.0.0.8| CezannePI-FP6 1.0.0.8| RembrandtPI-FP7_1.0.0.5
CVE-2021-46754| Raven-FP5-AM4 1.1.0.F
PinnaclePI-AM4 1.0.0.D ComboAM4PI 1.0.0.9 ComboAM4v2 PI 1.2.0.8| PicassoPI-FP5 1.0.0.E ComboAM4PI 1.0.0.9 ComboAM4v2 PI 1.2.0.8| RenoirPI-FP6 1.0.0.7
ComboAM4v2 PI 1.2.0.5| CezannePI-FP6 1.0.0.6| CezannePI-FP6 1.0.0.6| N/A
CVE-2021-46755| N/A| N/A| RenoirPI-FP6 1.0.0.8
ComboAM4v2 PI 1.2.0.5| CezannePI-FP6 1.0.0.8| CezannePI-FP6 1.0.0.8| N/A
CVE-2021-46756| Raven-FP5-AM4 1.1.0.E
PinnaclePI-AM4 1.0.0.C
ComboAM4PI 1.0.0.8 ComboAM4v2 PI 1.2.0.6C| PicassoPI-FP5 1.0.0.D ComboAM4PI 1.0.0.8 ComboAM4v2 PI 1.2.0.6 C| RenoirPI-FP6 1.0.0.7
ComboAM4v2 PI 1.2.0.5| CezannePI-FP6 1.0.0.6| CezannePI-FP6 1.0.0.6| N/A
CVE-2021-46759| Raven-FP5-AM4 1.1.0.F
PinnaclePI-AM4 1.0.0.D ComboAM4PI 1.0.0.9 ComboAM4v2 PI 1.2.0.8| PicassoPI-FP5 1.0.0.E ComboAM4PI 1.0.0.9 ComboAM4v2 PI 1.2.0.8| RenoirPI-FP6 1.0.0.8
ComboAM4v2 PI 1.2.0.5| CezannePI-FP6 1.0.0.8| CezannePI-FP6 1.0.0.8| N/A
CVE-2021-46760| N/A| N/A| N/A| N/A| N/A| N/A
CVE-2021-46765| N/A| N/A| RenoirPI-FP6 1.0.0.9
ComboAM4v2 PI 1.2.0.8| CezannePI-FP6 1.0.0.B| CezannePI-FP6 1.0.0.B| RembrandtPI-FP7_1.0.0.5
CVE-2021-46773| Raven-FP5-AM4 1.1.0.E
PinnaclePI-AM4 1.0.0.C| N/A| RenoirPI-FP6 1.0.0.8 ComboAM4v2 PI 1.2.0.6| CezannePI-FP6 1.0.0.8| CezannePI-FP6 1.0.0.8| N/A
CVE-2021-46792| Raven-FP5-AM4 1.0.0.9
PinnaclePI-AM4 1.0.0.7| Picasso PI-FP5 1.0.0.4| RenoirPI-FP6 1.0.0.7 omboAM4v2 PI 1.2.0.5| CezannePI-FP6 1.0.0.6| CezannePI-FP6 1.0.0.6| N/A
CVE-2021-46794| Raven-FP5-AM4 1.1.0.F
PinnaclePI-AM4 1.0.0.D ComboAM4PI 1.0.0.9 ComboAM4v2 PI 1.2.0.8| PicassoPI-FP5 1.0.0.E ComboAM4PI 1.0.0.9 ComboAM4v2 PI 1.2.0.8| RenoirPI-FP6 1.0.0.7 omboAM4v2 PI 1.2.0.5| CezannePI-FP6 1.0.0.6| CezannePI-FP6 1.0.0.6| N/A

Related

hp 3
amd 3
prion 21
cvelist 21
cve 21
redhatcve 5
hp
hp
AMD Client UEFI Firmware May 2023 Security Update
2023-05-09 00:00:00
AMD Client UEFI Firmware November 2022 Security Update
2022-12-14 00:00:00
AMD Graphics Driver November 2022 Security Update
2022-11-08 00:00:00
amd
amd
AMD Graphics Driver Vulnerabilities – November 2022
2022-11-08 00:00:00
AMD Server Vulnerabilities – May 2023
2023-05-09 00:00:00
AMD Embedded Processors Vulnerabilities – February 2024
2024-02-13 00:00:00
prion
prion
Design/Logic Flaw
2023-05-09 20:15:00
Default credentials
2023-05-09 20:15:00
Input validation
2023-05-09 20:15:00
cvelist
cvelist
CVE-2021-46759
2023-05-09 19:00:53
CVE-2020-12931
2022-11-08 00:00:00
CVE-2021-46760
2023-05-09 19:01:05
cve
cve
CVE-2020-12931
2022-11-09 21:15:00
CVE-2021-46759
2023-05-09 20:15:00
CVE-2021-46792
2023-05-09 20:15:00
redhatcve
redhatcve
CVE-2021-26391
2023-01-25 05:36:26
CVE-2020-12931
2023-01-25 05:36:06
CVE-2021-26393
2023-01-25 05:36:46

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

47.6%

JSON
Related for AMD-SB-4001
hp3amd3prion21cvelist21cve21redhatcve5