Lucene search
+L
AmdRyzen 5 2600 Firmware

22 matches found

CVE
CVE
added 2022/03/11 5:54 p.m.457 views

CVE-2021-26401

CVE-2021-26401 concerns Spectre Variant 2 mitigation on AMD CPUs. The description states that LFENCE/JMP mitigation (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD processors. AMD advisories (AMD-SB-1040 and AMD-SB-1036) discuss mitigations and supported approaches: use ...

5.6CVSS6.5AI score0.00288EPSS
CVE
CVE
added 2022/07/12 3:50 p.m.394 views

CVE-2022-29900

CVE-2022-29900 describes mis-trained branch predictions for return instructions that may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. Connected advisories confirm this affects Linux-kernel components (e.g., linux-5.10 in Astra Linux; multiple Am...

6.5CVSS7.3AI score0.03764EPSS
CVE
CVE
added 2022/07/14 7:27 p.m.392 views

CVE-2022-23825

CVE-2022-23825 affects AMD processors where branch-predictor aliases can cause misclassification of branches, potentially exposing information. The connected advisories show Linux kernel mitigations are being released for Amazon Linux 2/ALAS kernels (e.g., ALAS2KERNEL-5.10-2025-086 and ALAS2KERNE...

6.5CVSS6.8AI score0.00785EPSS
CVE
CVE
added 2022/03/11 5:54 p.m.337 views

CVE-2021-26341

CVE-2021-26341 affects AMD CPUs; transient execution beyond unconditional direct branches may leak data. Public details describe local access risk with low NVD CVSS v2 but medium CVSS v3.1 (6.5) and local attack vector. Connected advisories (MiracleLinux, IBM/Red Hat and others) mention this CVE ...

6.5CVSS7.2AI score0.00316EPSS
CVE
CVE
added 2023/02/14 7:34 p.m.253 views

CVE-2022-27672

CVE-2022-27672 describes a local information disclosure vulnerability on certain AMD CPUs where, when SMT is enabled, the processor may speculatively execute instructions using a target from the sibling thread after an SMT mode switch. The underlying issue is tied to speculative execution across ...

4.7CVSS6.3AI score0.00289EPSS
CVE
CVE
added 2022/11/09 8:48 p.m.242 views

CVE-2022-23824

Summary: CVE-2022-23824 is listed as a Xen-related vulnerability in Debian security advisories and Gentoo GLSA, indicating multiple vulnerabilities in the Xen hypervisor that could lead to privilege escalation, denial of service, or information leaks. The Debian entry explicitly groups CVE-2022-2...

5.5CVSS5.6AI score0.00586EPSS
CVE
CVE
added 2022/06/15 7:13 p.m.158 views

CVE-2022-23823

CVE-2022-23823 describes a timing-attack information disclosure risk on AMD processors with DVFS. Connected sources show F5 advisories (K43357358) tying Hertzbleed to BIG-IP on AMD CPUs, listing affected BIG-IP branches (e.g., 17.x up to 17.5.03) with “Will not fix” for some lines, and provide a ...

6.5CVSS6AI score0.01044EPSS
CVE
CVE
added 2023/01/10 7:46 p.m.128 views

CVE-2021-26316

CVE-2021-26316 describes a BIOS-level input/communication buffer validation flaw in AMD platforms that may allow a local attacker with low privileges to tamper BIOS buffers and trigger SMM (System Management Mode) arbitrary code execution. Connected sources confirm the root cause is inadequate va...

7.8CVSS8AI score0.00256EPSS
CVE
CVE
added 2022/05/12 6:22 p.m.122 views

CVE-2021-26368

CVE-2021-26368 is an AMD firmware/Trusted OS issue where insufficient process-type checking can allow a less-privileged process to unmap memory owned by a higher-privileged process, causing denial of service. The AMD advisory (AMD-SB-1027) and related CVE table map this to multiple AMD Ryzen plat...

4.9CVSS5.4AI score0.0014EPSS
CVE
CVE
added 2022/05/10 6:24 p.m.116 views

CVE-2021-26390

CVE-2021-26390 affects AMD’s boot flow (UApp/ABL) where a malicious or compromised UApp/ABL can coerce the bootloader to corrupt arbitrary memory, potentially compromising data integrity. The vulnerability is tracked across AMD client and server platforms (ASP/SMU/bootloader chain) with a medium ...

6.2CVSS6.9AI score0.0023EPSS
CVE
CVE
added 2022/05/12 5:9 p.m.109 views

CVE-2021-26366

CVE-2021-26366 is documented by AMD in AMD-SB-1027 as a vulnerability where an attacker with elevated privileges could read data from Boot ROM, compromising system integrity. The AMD bulletin lists CVE-2021-26366 under desktop/mobile/server SKUs and ties it to AGESA PI firmware fixes. Mitigation:...

7.1CVSS7.1AI score0.0023EPSS
CVE
CVE
added 2023/03/23 6:50 p.m.106 views

CVE-2023-20558

CVE-2023-20558 involves AMD Secure Processor/SMU SMM code. The root cause is insufficient control flow management in AmdCpmOemSmm, which could allow a privileged attacker to tamper with the SMM handler and escalate privileges. Affected software/hardware: AMD Ryzen 2000 series desktop processors (...

8.8CVSS8.6AI score0.00667EPSS
CVE
CVE
added 2022/05/12 6:28 p.m.97 views

CVE-2021-26386

CVE-2021-26386 describes a vulnerability where a malicious or compromised UApp or ABL can issue a malformed system call to the Stage 2 Bootloader, potentially causing memory corruption and code execution. AMD’s AMD-SB-1027 bulletin lists this CVE among a set of AMD platform risks and maps it to a...

7.8CVSS8AI score0.00262EPSS
CVE
CVE
added 2022/05/12 6:27 p.m.94 views

CVE-2021-26317

CVE-2021-26317: The AMD SMM protocol verification failure allows an attacker to take control of the SMM protocol and modify SPI flash, potentially enabling arbitrary code execution. Public documentation ties this to AMD’s SMM/ASP/SEV family and lists it among AMD client vulnerabilities with a hig...

7.8CVSS8.1AI score0.00268EPSS
CVE
CVE
added 2022/05/12 5:43 p.m.92 views

CVE-2021-26362

Summary: CVE-2021-26362 describes a vulnerability in AMD System Management Unit (SMU) where a malicious or compromised UApp/ABL can issue a malformed system call to map sensitive SMN registers, potentially compromising integrity and availability. The CVE is associated with AMD platforms and is mi...

7.1CVSS7.2AI score0.00209EPSS
CVE
CVE
added 2022/05/12 5:46 p.m.91 views

CVE-2021-26361

The CVE-2021-26361 vulnerability affects AMD ASP/AGESA Boot Loader where a malicious or compromised UApp or ABL could exfiltrate arbitrary memory from the ASP stage 2 bootloader, leading to information disclosure. The issue is tied to the boot firmware stack (AGESA PI) across multiple AMD platfor...

5.5CVSS6AI score0.00227EPSS
CVE
CVE
added 2022/07/14 7:28 p.m.91 views

CVE-2021-26384

CVE-2021-26384 is a vulnerability described as a malformed System Management Interface (SMI) command that can corrupt the SMI Trigger Info data structure, potentially enabling out-of-bounds memory reads/writes when an SMI is triggered. The AMD ADM/AMD-SB-1027 bulletin lists this CVE among others ...

7.8CVSS7.9AI score0.00203EPSS
CVE
CVE
added 2022/05/12 5:7 p.m.89 views

CVE-2021-26369

CVE-2021-26369 : AMD systems vulnerable when a malicious or compromised UApp or ABL sends a malformed system call to the bootloader, causing out-of-bounds memory accesses in the AMD System Management Unit/boot path. The AMD bulletin AMD-SB-1027 aggregates this with multiple platform family mitiga...

7.8CVSS7.8AI score0.00229EPSS
CVE
CVE
added 2022/05/10 6:26 p.m.87 views

CVE-2021-26352

CVE-2021-26352 corresponds to an AMD SMU issue where insufficient bound checks in the System Management Unit (SMU) PCIe Hot Plug table can allow access/updates to invalid address space, potentially causing a denial of service. Connected AMD bulletin documents (AMD-SB-1027/AMD-SB-1021) list this C...

5.5CVSS6.3AI score0.00216EPSS
CVE
CVE
added 2022/08/09 8:20 p.m.85 views

CVE-2021-46778

CVE-2021-46778 describes an information-disclosure side-channel vulnerability in AMD CPUs with SMT (Zen 1–Zen 4). The root cause is execution unit scheduler contention on SMT-enabled cores, allowing an attacker to infer data by measuring scheduler-queue contention. Public documents identify affec...

5.6CVSS5.7AI score0.00219EPSS
CVE
CVE
added 2023/05/09 6:58 p.m.84 views

CVE-2021-26354

CVE-2021-26354 affects AMD’s ASP/Bootloader pathway (ASP/ABL) with Insufficient bounds checking that may allow a system call from a compromised ABL, initializing arbitrary memory to zero and potentially compromising integrity. The vulnerability is documented across multiple sources (NVD entry and...

5.5CVSS7.2AI score0.00178EPSS
CVE
CVE
added 2023/03/23 6:49 p.m.70 views

CVE-2023-20559

The CVE-2023-20559 entry concerns AMD Ryzen 2000-series CPUs with a vulnerability in the System Management Mode (SMM) component. Specifically, insufficient control flow management in AmdCpmGpioInitSmm could allow a privileged attacker to tamper with the SMM handler, potentially leading to privile...

8.8CVSS8.6AI score0.00667EPSS