Ryzen 5 3600 Firmware Security Vulnerabilities and Issues — Ryzen 5 3600 Firmware CVE List

Lucene search

AmdRyzen 5 3600 Firmware

11 matches found

CVE•added 2022/05/12 6:16 p.m.•88 views

CVE-2021-26366

An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity.

7.1CVSS7.1AI score0.00129EPSS

CVE•added 2022/05/12 7:15 p.m.•85 views

CVE-2021-26386

A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution.

7.8CVSS8AI score0.00192EPSS

CVE•added 2022/05/12 7:15 p.m.•84 views

CVE-2021-26317

Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution.

7.8CVSS8.1AI score0.00192EPSS

CVE•added 2022/11/09 9:15 p.m.•78 views

CVE-2020-12930

Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.

7.8CVSS7.5AI score0.00095EPSS

CVE•added 2022/05/12 6:16 p.m.•74 views

CVE-2021-26369

A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses.

7.8CVSS7.8AI score0.00137EPSS

CVE•added 2022/11/09 9:15 p.m.•70 views

CVE-2020-12931

Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.

7.8CVSS7.3AI score0.00095EPSS

CVE•added 2022/11/09 9:15 p.m.•66 views

CVE-2021-26392

Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.

7.8CVSS8.1AI score0.00126EPSS

CVE•added 2023/11/14 7:15 p.m.•59 views

CVE-2021-46774

Insufficient DRAM address validation in SystemManagement Unit (SMU) may allow an attacker to read/write from/to an invalidDRAM address, potentially resulting in denial-of-service.

7.5CVSS7.8AI score0.00022EPSS

CVE•added 2023/11/14 7:15 p.m.•58 views

CVE-2023-20533

Insufficient DRAM address validation in SystemManagement Unit (SMU) may allow an attacker to read/write from/to an invalidDRAM address, potentially resulting in denial-of-service.

7.5CVSS7.5AI score0.00033EPSS

CVE•added 2023/08/08 6:15 p.m.•55 views

CVE-2023-20555

Insufficient input validation inCpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwritingan arbitrary bit in an attacker-controlled pointer potentially leading toarbitrary code execution in SMM.

7.8CVSS7.7AI score0.00054EPSS

CVE•added 2023/05/09 7:15 p.m.•53 views

CVE-2021-26356

A TOCTOU in ASP bootloader may allow an attackerto tamper with the SPI ROM following data read to memory potentially resultingin S3 data corruption and information disclosure.

7.4CVSS8.4AI score0.00135EPSS