Ryzen 7 Pro 2700u Firmware Security Vulnerabilities

CVE-2021-26316

Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution.

CVE-2021-26339

A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by compilers.

CVE-2021-26341

Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.

CVE-2021-26401

LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.