32 matches found
CVE-2021-26401
CVE-2021-26401 concerns Spectre Variant 2 mitigation on AMD CPUs. The description states that LFENCE/JMP mitigation (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD processors. AMD advisories (AMD-SB-1040 and AMD-SB-1036) discuss mitigations and supported approaches: use ...
CVE-2022-29900
CVE-2022-29900 describes mis-trained branch predictions for return instructions that may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. Connected advisories confirm this affects Linux-kernel components (e.g., linux-5.10 in Astra Linux; multiple Am...
CVE-2022-23825
CVE-2022-23825 affects AMD processors where branch-predictor aliases can cause misclassification of branches, potentially exposing information. The connected advisories show Linux kernel mitigations are being released for Amazon Linux 2/ALAS kernels (e.g., ALAS2KERNEL-5.10-2025-086 and ALAS2KERNE...
CVE-2021-26341
CVE-2021-26341 affects AMD CPUs; transient execution beyond unconditional direct branches may leak data. Public details describe local access risk with low NVD CVSS v2 but medium CVSS v3.1 (6.5) and local attack vector. Connected advisories (MiracleLinux, IBM/Red Hat and others) mention this CVE ...
CVE-2022-27672
CVE-2022-27672 describes a local information disclosure vulnerability on certain AMD CPUs where, when SMT is enabled, the processor may speculatively execute instructions using a target from the sibling thread after an SMT mode switch. The underlying issue is tied to speculative execution across ...
CVE-2022-23824
Summary: CVE-2022-23824 is listed as a Xen-related vulnerability in Debian security advisories and Gentoo GLSA, indicating multiple vulnerabilities in the Xen hypervisor that could lead to privilege escalation, denial of service, or information leaks. The Debian entry explicitly groups CVE-2022-2...
CVE-2022-23823
CVE-2022-23823 describes a timing-attack information disclosure risk on AMD processors with DVFS. Connected sources show F5 advisories (K43357358) tying Hertzbleed to BIG-IP on AMD CPUs, listing affected BIG-IP branches (e.g., 17.x up to 17.5.03) with “Will not fix” for some lines, and provide a ...
CVE-2021-26339
Technical details are not publicly available in the provided documents for CVE-2021-26339. Monitor for updates from vendor advisories; no specific affected products, impact, or remediation details are present in the supplied materials.
CVE-2021-26316
CVE-2021-26316 describes a BIOS-level input/communication buffer validation flaw in AMD platforms that may allow a local attacker with low privileges to tamper BIOS buffers and trigger SMM (System Management Mode) arbitrary code execution. Connected sources confirm the root cause is inadequate va...
CVE-2021-26368
CVE-2021-26368 is an AMD firmware/Trusted OS issue where insufficient process-type checking can allow a less-privileged process to unmap memory owned by a higher-privileged process, causing denial of service. The AMD advisory (AMD-SB-1027) and related CVE table map this to multiple AMD Ryzen plat...
CVE-2021-26376
CVE-2021-26376 is referenced across multiple SUSE kernel-firmware advisories (SUSE-SU-2022-1840/1846/1847-1, etc.) as part of a family of SMU flaws. The description in the CVE entry states that insufficient checks in the System Management Unit (SMU) FeatureConfig may reenforce features and cause ...
CVE-2021-26375
Technical details for CVE-2021-26375 are not publicly provided in the supplied documents; no affected products, exploit vectors, or fixes are stated here. Monitor for updates from the listed advisories.
CVE-2021-26366
CVE-2021-26366 is documented by AMD in AMD-SB-1027 as a vulnerability where an attacker with elevated privileges could read data from Boot ROM, compromising system integrity. The AMD bulletin lists CVE-2021-26366 under desktop/mobile/server SKUs and ties it to AGESA PI firmware fixes. Mitigation:...
CVE-2021-26388
CVE-2021-26388 matches the initial description: improper validation of the BIOS directory can cause reads beyond the RAM directory table, exposing out-of-bounds memory and potentially causing a denial of service. Connected advisories (SUSE-SU-2022:1840-1, 1846-1, 1847-1) reference this CVE as par...
CVE-2021-26378
CVE-2021-26378 is an SMU (System Management Unit) bound-check issue that can cause denial of service by exposing invalid address space. The descriptor in the initial document states only a bound-check deficiency in the SMU leading to DoS, with CVSS v3.1 base score 5.5 (Local, Low privileges requi...
CVE-2023-20558
CVE-2023-20558 involves AMD Secure Processor/SMU SMM code. The root cause is insufficient control flow management in AmdCpmOemSmm, which could allow a privileged attacker to tamper with the SMM handler and escalate privileges. Affected software/hardware: AMD Ryzen 2000 series desktop processors (...
CVE-2021-26386
CVE-2021-26386 describes a vulnerability where a malicious or compromised UApp or ABL can issue a malformed system call to the Stage 2 Bootloader, potentially causing memory corruption and code execution. AMD’s AMD-SB-1027 bulletin lists this CVE among a set of AMD platform risks and maps it to a...
CVE-2021-26373
CVE-2021-26373 involves insufficient bound checks in the System Management Unit (SMU) that can cause a system voltage malfunction and potentially deny resources or service. The connected advisories (SUSE kernel-firmware updates SUSE-SU-2022:1840/1846/1923 and related OpenVAS entries) indicate thi...
CVE-2021-26317
CVE-2021-26317: The AMD SMM protocol verification failure allows an attacker to take control of the SMM protocol and modify SPI flash, potentially enabling arbitrary code execution. Public documentation ties this to AMD’s SMM/ASP/SEV family and lists it among AMD client vulnerabilities with a hig...
CVE-2021-26362
Summary: CVE-2021-26362 describes a vulnerability in AMD System Management Unit (SMU) where a malicious or compromised UApp/ABL can issue a malformed system call to map sensitive SMN registers, potentially compromising integrity and availability. The CVE is associated with AMD platforms and is mi...
CVE-2021-26384
CVE-2021-26384 is a vulnerability described as a malformed System Management Interface (SMI) command that can corrupt the SMI Trigger Info data structure, potentially enabling out-of-bounds memory reads/writes when an SMI is triggered. The AMD ADM/AMD-SB-1027 bulletin lists this CVE among others ...
CVE-2021-26361
The CVE-2021-26361 vulnerability affects AMD ASP/AGESA Boot Loader where a malicious or compromised UApp or ABL could exfiltrate arbitrary memory from the ASP stage 2 bootloader, leading to information disclosure. The issue is tied to the boot firmware stack (AGESA PI) across multiple AMD platfor...
CVE-2020-12930
CVE-2020-12930 is an AMD ASP/PSP driver vulnerability described as improper parameter handling that could allow a privileged attacker to elevate privileges, potentially compromising integrity. The AMD security bulletin AMD-SB-5001 maps this CVE to various AMD Embedded/ Ryzen platforms and provide...
CVE-2021-26393
CVE-2021-26393 describes insufficient memory cleanup in the AMD Secure Processor (ASP) TEE, which could allow an authenticated user with privileges to generate a valid signed TA and potentially poison process memory, leading to confidentiality loss. The connected AMD security bulletin (AMD-SB-500...
CVE-2021-26369
CVE-2021-26369 : AMD systems vulnerable when a malicious or compromised UApp or ABL sends a malformed system call to the bootloader, causing out-of-bounds memory accesses in the AMD System Management Unit/boot path. The AMD bulletin AMD-SB-1027 aggregates this with multiple platform family mitiga...
CVE-2021-26371
The CVE-2021-26371 entry concerns AMD Secure Processor (ASP)/AMD System Management Unit (SMU) where a compromised ABL or UApp could trigger a SHA256 system call to the bootloader, potentially exposing ASP memory to userspace and causing information disclosure. Technical details from connected sou...
CVE-2020-12931
The CVE-2020-12931 issue affects the AMD Secure Processor (ASP) kernel, caused by improper parameter handling, enabling a privileged attacker to elevate privileges and potentially compromise integrity. AMD’s AMD-SB-5001 bulletin maps this vulnerability across ASP/PSP components (ASP kernel) and p...
CVE-2021-26354
CVE-2021-26354 affects AMD’s ASP/Bootloader pathway (ASP/ABL) with Insufficient bounds checking that may allow a system call from a compromised ABL, initializing arbitrary memory to zero and potentially compromising integrity. The vulnerability is documented across multiple sources (NVD entry and...
CVE-2021-46778
CVE-2021-46778 describes an information-disclosure side-channel vulnerability in AMD CPUs with SMT (Zen 1–Zen 4). The root cause is execution unit scheduler contention on SMT-enabled cores, allowing an attacker to infer data by measuring scheduler-queue contention. Public documents identify affec...
CVE-2021-26392
CVE-2021-26392 involves insufficient verification of a missing size check in LoadModule, leading to an out-of-bounds write that could enable code execution in the OS/kernel via loading a malicious TA. AMD’s related bulletin (AMD-SB-5001) labels this CVE as Medium and provides mitigations through ...
CVE-2021-26365
CVE-2021-26365 concerns AMD Secure Processor (ASP) and AMD System Management Unit (SMU) firmware where certain size values in firmware binary headers can cause out-of-bounds reads during signature validation, potentially enabling denial of service or leakage of memory contents. Public references ...
CVE-2023-20559
The CVE-2023-20559 entry concerns AMD Ryzen 2000-series CPUs with a vulnerability in the System Management Mode (SMM) component. Specifically, insufficient control flow management in AmdCpmGpioInitSmm could allow a privileged attacker to tamper with the SMM handler, potentially leading to privile...