Lucene search
K
AmdRyzen 5 2500u Firmware

32 matches found

CVE
CVE
added 2022/03/11 5:54 p.m.453 views

CVE-2021-26401

CVE-2021-26401 concerns Spectre Variant 2 mitigation on AMD CPUs. The description states that LFENCE/JMP mitigation (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD processors. AMD advisories (AMD-SB-1040 and AMD-SB-1036) discuss mitigations and supported approaches: use ...

5.6CVSS6.5AI score0.00284EPSS
CVE
CVE
added 2022/07/12 3:50 p.m.391 views

CVE-2022-29900

CVE-2022-29900 describes mis-trained branch predictions for return instructions that may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. Connected advisories confirm this affects Linux-kernel components (e.g., linux-5.10 in Astra Linux; multiple Am...

6.5CVSS7.3AI score0.03764EPSS
CVE
CVE
added 2022/07/14 7:27 p.m.390 views

CVE-2022-23825

CVE-2022-23825 affects AMD processors where branch-predictor aliases can cause misclassification of branches, potentially exposing information. The connected advisories show Linux kernel mitigations are being released for Amazon Linux 2/ALAS kernels (e.g., ALAS2KERNEL-5.10-2025-086 and ALAS2KERNE...

6.5CVSS6.8AI score0.00772EPSS
CVE
CVE
added 2022/03/11 5:54 p.m.336 views

CVE-2021-26341

CVE-2021-26341 affects AMD CPUs; transient execution beyond unconditional direct branches may leak data. Public details describe local access risk with low NVD CVSS v2 but medium CVSS v3.1 (6.5) and local attack vector. Connected advisories (MiracleLinux, IBM/Red Hat and others) mention this CVE ...

6.5CVSS7.2AI score0.00306EPSS
CVE
CVE
added 2023/02/14 7:34 p.m.249 views

CVE-2022-27672

CVE-2022-27672 describes a local information disclosure vulnerability on certain AMD CPUs where, when SMT is enabled, the processor may speculatively execute instructions using a target from the sibling thread after an SMT mode switch. The underlying issue is tied to speculative execution across ...

4.7CVSS6.3AI score0.00289EPSS
CVE
CVE
added 2022/11/09 8:48 p.m.238 views

CVE-2022-23824

Summary: CVE-2022-23824 is listed as a Xen-related vulnerability in Debian security advisories and Gentoo GLSA, indicating multiple vulnerabilities in the Xen hypervisor that could lead to privilege escalation, denial of service, or information leaks. The Debian entry explicitly groups CVE-2022-2...

5.5CVSS5.6AI score0.00586EPSS
CVE
CVE
added 2022/06/15 7:13 p.m.156 views

CVE-2022-23823

CVE-2022-23823 describes a timing-attack information disclosure risk on AMD processors with DVFS. Connected sources show F5 advisories (K43357358) tying Hertzbleed to BIG-IP on AMD CPUs, listing affected BIG-IP branches (e.g., 17.x up to 17.5.03) with “Will not fix” for some lines, and provide a ...

6.5CVSS6AI score0.01044EPSS
CVE
CVE
added 2022/05/11 4:18 p.m.153 views

CVE-2021-26339

Technical details are not publicly available in the provided documents for CVE-2021-26339. Monitor for updates from vendor advisories; no specific affected products, impact, or remediation details are present in the supplied materials.

5.5CVSS5.9AI score0.00265EPSS
CVE
CVE
added 2023/01/10 7:46 p.m.124 views

CVE-2021-26316

CVE-2021-26316 describes a BIOS-level input/communication buffer validation flaw in AMD platforms that may allow a local attacker with low privileges to tamper BIOS buffers and trigger SMM (System Management Mode) arbitrary code execution. Connected sources confirm the root cause is inadequate va...

7.8CVSS8AI score0.00256EPSS
CVE
CVE
added 2022/05/12 6:22 p.m.120 views

CVE-2021-26368

CVE-2021-26368 is an AMD firmware/Trusted OS issue where insufficient process-type checking can allow a less-privileged process to unmap memory owned by a higher-privileged process, causing denial of service. The AMD advisory (AMD-SB-1027) and related CVE table map this to multiple AMD Ryzen plat...

4.9CVSS5.4AI score0.0014EPSS
CVE
CVE
added 2022/05/11 4:28 p.m.120 views

CVE-2021-26376

CVE-2021-26376 is referenced across multiple SUSE kernel-firmware advisories (SUSE-SU-2022-1840/1846/1847-1, etc.) as part of a family of SMU flaws. The description in the CVE entry states that insufficient checks in the System Management Unit (SMU) FeatureConfig may reenforce features and cause ...

5.5CVSS5.9AI score0.00212EPSS
CVE
CVE
added 2022/05/11 4:20 p.m.111 views

CVE-2021-26375

Technical details for CVE-2021-26375 are not publicly provided in the supplied documents; no affected products, exploit vectors, or fixes are stated here. Monitor for updates from the listed advisories.

5.5CVSS5.8AI score0.00217EPSS
CVE
CVE
added 2022/05/12 5:9 p.m.107 views

CVE-2021-26366

CVE-2021-26366 is documented by AMD in AMD-SB-1027 as a vulnerability where an attacker with elevated privileges could read data from Boot ROM, compromising system integrity. The AMD bulletin lists CVE-2021-26366 under desktop/mobile/server SKUs and ties it to AGESA PI firmware fixes. Mitigation:...

7.1CVSS7.1AI score0.0023EPSS
CVE
CVE
added 2022/05/11 4:29 p.m.106 views

CVE-2021-26388

CVE-2021-26388 matches the initial description: improper validation of the BIOS directory can cause reads beyond the RAM directory table, exposing out-of-bounds memory and potentially causing a denial of service. Connected advisories (SUSE-SU-2022:1840-1, 1846-1, 1847-1) reference this CVE as par...

5.5CVSS5.8AI score0.00212EPSS
CVE
CVE
added 2022/05/11 4:23 p.m.104 views

CVE-2021-26378

CVE-2021-26378 is an SMU (System Management Unit) bound-check issue that can cause denial of service by exposing invalid address space. The descriptor in the initial document states only a bound-check deficiency in the SMU leading to DoS, with CVSS v3.1 base score 5.5 (Local, Low privileges requi...

5.5CVSS5.8AI score0.00212EPSS
CVE
CVE
added 2023/03/23 6:50 p.m.103 views

CVE-2023-20558

CVE-2023-20558 involves AMD Secure Processor/SMU SMM code. The root cause is insufficient control flow management in AmdCpmOemSmm, which could allow a privileged attacker to tamper with the SMM handler and escalate privileges. Affected software/hardware: AMD Ryzen 2000 series desktop processors (...

8.8CVSS8.6AI score0.00667EPSS
CVE
CVE
added 2022/05/12 6:28 p.m.96 views

CVE-2021-26386

CVE-2021-26386 describes a vulnerability where a malicious or compromised UApp or ABL can issue a malformed system call to the Stage 2 Bootloader, potentially causing memory corruption and code execution. AMD’s AMD-SB-1027 bulletin lists this CVE among a set of AMD platform risks and maps it to a...

7.8CVSS8AI score0.00262EPSS
CVE
CVE
added 2022/05/11 4:27 p.m.95 views

CVE-2021-26373

CVE-2021-26373 involves insufficient bound checks in the System Management Unit (SMU) that can cause a system voltage malfunction and potentially deny resources or service. The connected advisories (SUSE kernel-firmware updates SUSE-SU-2022:1840/1846/1923 and related OpenVAS entries) indicate thi...

5.5CVSS5.9AI score0.00212EPSS
CVE
CVE
added 2022/05/12 6:27 p.m.92 views

CVE-2021-26317

CVE-2021-26317: The AMD SMM protocol verification failure allows an attacker to take control of the SMM protocol and modify SPI flash, potentially enabling arbitrary code execution. Public documentation ties this to AMD’s SMM/ASP/SEV family and lists it among AMD client vulnerabilities with a hig...

7.8CVSS8.1AI score0.00268EPSS
CVE
CVE
added 2022/05/12 5:43 p.m.91 views

CVE-2021-26362

Summary: CVE-2021-26362 describes a vulnerability in AMD System Management Unit (SMU) where a malicious or compromised UApp/ABL can issue a malformed system call to map sensitive SMN registers, potentially compromising integrity and availability. The CVE is associated with AMD platforms and is mi...

7.1CVSS7.2AI score0.00209EPSS
CVE
CVE
added 2022/07/14 7:28 p.m.90 views

CVE-2021-26384

CVE-2021-26384 is a vulnerability described as a malformed System Management Interface (SMI) command that can corrupt the SMI Trigger Info data structure, potentially enabling out-of-bounds memory reads/writes when an SMI is triggered. The AMD ADM/AMD-SB-1027 bulletin lists this CVE among others ...

7.8CVSS7.9AI score0.00196EPSS
CVE
CVE
added 2022/05/12 5:46 p.m.89 views

CVE-2021-26361

The CVE-2021-26361 vulnerability affects AMD ASP/AGESA Boot Loader where a malicious or compromised UApp or ABL could exfiltrate arbitrary memory from the ASP stage 2 bootloader, leading to information disclosure. The issue is tied to the boot firmware stack (AGESA PI) across multiple AMD platfor...

5.5CVSS6AI score0.00227EPSS
CVE
CVE
added 2022/11/09 8:44 p.m.88 views

CVE-2020-12930

CVE-2020-12930 is an AMD ASP/PSP driver vulnerability described as improper parameter handling that could allow a privileged attacker to elevate privileges, potentially compromising integrity. The AMD security bulletin AMD-SB-5001 maps this CVE to various AMD Embedded/ Ryzen platforms and provide...

7.8CVSS7.5AI score0.00251EPSS
CVE
CVE
added 2022/11/09 8:44 p.m.86 views

CVE-2021-26393

CVE-2021-26393 describes insufficient memory cleanup in the AMD Secure Processor (ASP) TEE, which could allow an authenticated user with privileges to generate a valid signed TA and potentially poison process memory, leading to confidentiality loss. The connected AMD security bulletin (AMD-SB-500...

5.5CVSS6.2AI score0.00247EPSS
CVE
CVE
added 2022/05/12 5:7 p.m.85 views

CVE-2021-26369

CVE-2021-26369 : AMD systems vulnerable when a malicious or compromised UApp or ABL sends a malformed system call to the bootloader, causing out-of-bounds memory accesses in the AMD System Management Unit/boot path. The AMD bulletin AMD-SB-1027 aggregates this with multiple platform family mitiga...

7.8CVSS7.8AI score0.00229EPSS
CVE
CVE
added 2023/05/09 6:59 p.m.83 views

CVE-2021-26371

The CVE-2021-26371 entry concerns AMD Secure Processor (ASP)/AMD System Management Unit (SMU) where a compromised ABL or UApp could trigger a SHA256 system call to the bootloader, potentially exposing ASP memory to userspace and causing information disclosure. Technical details from connected sou...

5.5CVSS7.1AI score0.00189EPSS
CVE
CVE
added 2022/11/09 8:44 p.m.82 views

CVE-2020-12931

The CVE-2020-12931 issue affects the AMD Secure Processor (ASP) kernel, caused by improper parameter handling, enabling a privileged attacker to elevate privileges and potentially compromise integrity. AMD’s AMD-SB-5001 bulletin maps this vulnerability across ASP/PSP components (ASP kernel) and p...

7.8CVSS7.3AI score0.00251EPSS
CVE
CVE
added 2023/05/09 6:58 p.m.82 views

CVE-2021-26354

CVE-2021-26354 affects AMD’s ASP/Bootloader pathway (ASP/ABL) with Insufficient bounds checking that may allow a system call from a compromised ABL, initializing arbitrary memory to zero and potentially compromising integrity. The vulnerability is documented across multiple sources (NVD entry and...

5.5CVSS7.2AI score0.00178EPSS
CVE
CVE
added 2022/08/09 8:20 p.m.81 views

CVE-2021-46778

CVE-2021-46778 describes an information-disclosure side-channel vulnerability in AMD CPUs with SMT (Zen 1–Zen 4). The root cause is execution unit scheduler contention on SMT-enabled cores, allowing an attacker to infer data by measuring scheduler-queue contention. Public documents identify affec...

5.6CVSS5.7AI score0.00217EPSS
CVE
CVE
added 2022/11/09 8:44 p.m.78 views

CVE-2021-26392

CVE-2021-26392 involves insufficient verification of a missing size check in LoadModule, leading to an out-of-bounds write that could enable code execution in the OS/kernel via loading a malicious TA. AMD’s related bulletin (AMD-SB-5001) labels this CVE as Medium and provides mitigations through ...

7.8CVSS8.1AI score0.0026EPSS
CVE
CVE
added 2023/05/09 6:58 p.m.71 views

CVE-2021-26365

CVE-2021-26365 concerns AMD Secure Processor (ASP) and AMD System Management Unit (SMU) firmware where certain size values in firmware binary headers can cause out-of-bounds reads during signature validation, potentially enabling denial of service or leakage of memory contents. Public references ...

8.2CVSS8.7AI score0.00571EPSS
CVE
CVE
added 2023/03/23 6:49 p.m.66 views

CVE-2023-20559

The CVE-2023-20559 entry concerns AMD Ryzen 2000-series CPUs with a vulnerability in the System Management Mode (SMM) component. Specifically, insufficient control flow management in AmdCpmGpioInitSmm could allow a privileged attacker to tamper with the SMM handler, potentially leading to privile...

8.8CVSS8.6AI score0.00667EPSS