Ryzen Threadripper Pro 5995Wx Firmware Security Vulnerabilities - 2023

CVE-2021-26316

Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution.

CVE-2021-26354

Insufficient bounds checking in ASP may allow anattacker to issue a system call from a compromised ABL which may causearbitrary memory values to be initialized to zero, potentially leading to aloss of integrity.

CVE-2021-26356

A TOCTOU in ASP bootloader may allow an attackerto tamper with the SPI ROM following data read to memory potentially resultingin S3 data corruption and information disclosure.

CVE-2021-26371

A compromised or malicious ABL or UApp couldsend a SHA256 system call to the bootloader, which may result in exposure ofASP memory to userspace, potentially leading to information disclosure.

CVE-2022-27672

When SMT is enabled, certain AMD processors may speculatively execute instructions using a targetfrom the sibling thread after an SMT mode switch potentially resulting in information disclosure.

CVE-2023-20558

Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.

CVE-2023-20559

Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.

CVE-2023-20569

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.

CVE-2023-20589

An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.