Ryzen 3 2200u Firmware Security Vulnerabilities and Issues — Ryzen 3 2200u Firmware CVE List

Lucene search

AmdRyzen 3 2200u Firmware

13 matches found

CVE•added 2022/05/11 5:15 p.m.•138 views

CVE-2021-26339

A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by compilers.

5.5CVSS5.9AI score0.00071EPSS

CVE•added 2022/05/11 5:15 p.m.•110 views

CVE-2021-26376

Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service.

5.5CVSS5.9AI score0.00061EPSS

CVE•added 2022/05/12 7:15 p.m.•108 views

CVE-2021-26368

Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in a denial of service.

4.9CVSS5.4AI score0.00059EPSS

CVE•added 2022/05/11 5:15 p.m.•91 views

CVE-2021-26388

Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service.

5.5CVSS5.8AI score0.00045EPSS

CVE•added 2022/05/11 5:15 p.m.•90 views

CVE-2021-26375

Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service.

5.5CVSS5.8AI score0.00063EPSS

CVE•added 2022/05/12 6:16 p.m.•87 views

CVE-2021-26366

An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity.

7.1CVSS7.1AI score0.00139EPSS

CVE•added 2022/05/11 5:15 p.m.•86 views

CVE-2021-26378

Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.

5.5CVSS5.8AI score0.00069EPSS

CVE•added 2022/05/12 7:15 p.m.•84 views

CVE-2021-26386

A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution.

7.8CVSS8AI score0.00206EPSS

CVE•added 2022/05/12 7:15 p.m.•83 views

CVE-2021-26317

Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution.

7.8CVSS8.1AI score0.00206EPSS

CVE•added 2022/05/11 5:15 p.m.•83 views

CVE-2021-26373

Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service.

5.5CVSS5.9AI score0.00069EPSS

CVE•added 2022/05/12 6:16 p.m.•80 views

CVE-2021-26362

A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call which results in mapping sensitive System Management Network (SMN) registers leading to a loss of integrity and availability.

7.1CVSS7.2AI score0.00135EPSS

CVE•added 2022/05/12 6:16 p.m.•74 views

CVE-2021-26361

A malicious or compromised User Application (UApp) or AGESA Boot Loader (ABL) could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure.

5.5CVSS6AI score0.00139EPSS

CVE•added 2022/05/12 6:16 p.m.•73 views

CVE-2021-26369

A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses.

7.8CVSS7.8AI score0.00148EPSS