Lucene search
K
AmdRyzen 9 5900 Firmware

16 matches found

CVE
CVE
added 2023/08/08 5:2 p.m.501 views

CVE-2023-20569

CVE-2023-20569 concerns a side-channel vulnerability in some AMD CPUs where an attacker may influence the return-address predictor, enabling speculative execution at attacker-controlled addresses and potential information disclosure. The vulnerability is discussed across multiple connected source...

4.7CVSS6.6AI score0.0616EPSS
CVE
CVE
added 2023/11/14 6:54 p.m.135 views

CVE-2022-23821

CVE-2022-23821 describes an improper access control in AMD System Management Mode (SMM) that could allow an attacker to write to SPI ROM and potentially achieve arbitrary code execution. Connected sources indicate this affects AMD ASP/SMM components and is mitigated by Platform Initialization (PI...

9.8CVSS9.5AI score0.00989EPSS
CVE
CVE
added 2023/01/10 7:46 p.m.127 views

CVE-2021-26316

CVE-2021-26316 describes a BIOS-level input/communication buffer validation flaw in AMD platforms that may allow a local attacker with low privileges to tamper BIOS buffers and trigger SMM (System Management Mode) arbitrary code execution. Connected sources confirm the root cause is inadequate va...

7.8CVSS8AI score0.00256EPSS
CVE
CVE
added 2023/01/10 7:50 p.m.100 views

CVE-2021-26346

CVE-2021-26346 affects AMD Secure Processor (ASP) bootloader: failure to validate the integer operand can enable an integer overflow in the L2 directory table in SPI flash, leading to potential denial of service. Affected by several AMD/industry advisories; mitigation requires firmware/BIOS updat...

5.5CVSS6AI score0.00212EPSS
CVE
CVE
added 2022/11/09 8:44 p.m.90 views

CVE-2020-12930

CVE-2020-12930 is an AMD ASP/PSP driver vulnerability described as improper parameter handling that could allow a privileged attacker to elevate privileges, potentially compromising integrity. The AMD security bulletin AMD-SB-5001 maps this CVE to various AMD Embedded/ Ryzen platforms and provide...

7.8CVSS7.5AI score0.00251EPSS
CVE
CVE
added 2023/08/08 5:7 p.m.88 views

CVE-2023-20555

CVE-2023-20555 is an AMD SMM memory corruption flaw due to insufficient input validation in CpmDisplayFeatureSmm, allowing an attacker to overwrite an arbitrary bit in an attacker-controlled pointer and potentially execute code in SMM. Connected sources indicate this affects AMD processors with S...

7.8CVSS7.7AI score0.00299EPSS
CVE
CVE
added 2022/11/09 8:44 p.m.83 views

CVE-2020-12931

The CVE-2020-12931 issue affects the AMD Secure Processor (ASP) kernel, caused by improper parameter handling, enabling a privileged attacker to elevate privileges and potentially compromise integrity. AMD’s AMD-SB-5001 bulletin maps this vulnerability across ASP/PSP components (ASP kernel) and p...

7.8CVSS7.3AI score0.00251EPSS
CVE
CVE
added 2023/05/09 6:59 p.m.83 views

CVE-2021-26371

The CVE-2021-26371 entry concerns AMD Secure Processor (ASP)/AMD System Management Unit (SMU) where a compromised ABL or UApp could trigger a SHA256 system call to the bootloader, potentially exposing ASP memory to userspace and causing information disclosure. Technical details from connected sou...

5.5CVSS7.1AI score0.00189EPSS
CVE
CVE
added 2023/05/09 6:58 p.m.82 views

CVE-2021-26354

CVE-2021-26354 affects AMD’s ASP/Bootloader pathway (ASP/ABL) with Insufficient bounds checking that may allow a system call from a compromised ABL, initializing arbitrary memory to zero and potentially compromising integrity. The vulnerability is documented across multiple sources (NVD entry and...

5.5CVSS7.2AI score0.00178EPSS
CVE
CVE
added 2023/11/14 6:52 p.m.82 views

CVE-2022-23820

CVE-2022-23820 corresponds to a vulnerability in AMD ASP/PSP/SMM handling where failure to validate the AMD SMM communication buffer could allow an attacker to corrupt SMRAM and achieve arbitrary code execution. Public details in AMD’s bulletin AMD-SB-5001 confirm the issue and map it to multiple...

9.8CVSS8.5AI score0.00697EPSS
CVE
CVE
added 2022/11/09 8:44 p.m.79 views

CVE-2021-26392

CVE-2021-26392 involves insufficient verification of a missing size check in LoadModule, leading to an out-of-bounds write that could enable code execution in the OS/kernel via loading a malicious TA. AMD’s related bulletin (AMD-SB-5001) labels this CVE as Medium and provides mitigations through ...

7.8CVSS8.1AI score0.0026EPSS
CVE
CVE
added 2023/11/14 6:52 p.m.75 views

CVE-2023-20533

CVE-2023-20533 is documented in multiple trusted sources as a vulnerability in the AMD SMU/ASP ecosystem: it describes insufficient DRAM address validation in the System Management Unit (SMU), which may allow a DMA attacker to read/write invalid DRAM addresses and could lead to denial of service....

7.5CVSS7.5AI score0.00499EPSS
CVE
CVE
added 2023/05/09 6:58 p.m.72 views

CVE-2021-26365

CVE-2021-26365 concerns AMD Secure Processor (ASP) and AMD System Management Unit (SMU) firmware where certain size values in firmware binary headers can cause out-of-bounds reads during signature validation, potentially enabling denial of service or leakage of memory contents. Public references ...

8.2CVSS8.7AI score0.00571EPSS
CVE
CVE
added 2023/11/14 6:52 p.m.70 views

CVE-2021-46774

CVE-2021-46774 describes insufficient input validation in the AMD ABL, enabling a privileged attacker to perform arbitrary DRAM writes and potentially execute code or escalate privileges. Connected advisories confirm this vulnerability is among issues addressed by AMD/PI firmware updates and kern...

7.5CVSS7.8AI score0.00508EPSS
CVE
CVE
added 2023/05/09 6:58 p.m.69 views

CVE-2021-26356

CVE-2021-26356 describes a TOCTOU vulnerability in the ASP bootloader that can allow tampering with the SPI ROM after memory reads, potentially causing S3 data corruption and information disclosure in AMD Secure Processor/ASP boot scenarios. Affected components include the ASP bootloader within A...

7.4CVSS8.4AI score0.00399EPSS
CVE
CVE
added 2023/08/08 5:4 p.m.68 views

CVE-2023-20589

The CVE-2023-20589 entry corresponds to a voltage fault injection vulnerability affecting fTPM ASP secure boot on AMD Ryzen platforms (Zen 1/2/3). The AMD-SB-4005 bulletin provides concrete details: potential arbitrary code execution via physical access and specialized hardware, impacting a wide ...

6.8CVSS6.7AI score0.00508EPSS