Ryzen Pro 3900 Firmware Security Vulnerabilities - 2023

CVE-2021-26346

Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.

CVE-2023-20563

Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.

CVE-2023-20565

Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.

CVE-2023-20571

A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation.