All the vulnerabilites related to AMD - AMD EPYC™ Embedded 3000
cve-2023-20578
Vulnerability from cvelistv5
Published
2024-08-13 16:52
Modified
2025-03-18 20:03
Severity ?
7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution.
References
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.htmlvendor-advisory
Impacted products
AMDAMD EPYC™ 7001 Processors
AMDAMD EPYC™ 7002 Processors
AMDAMD EPYC™ 7003 Processors
AMDAMD EPYC™ 9004 Processors
AMDAMD Ryzen™ 7000 Series Desktop Processors
AMDAMD Ryzen™ Threadripper™ PRO 5000WX Processors
AMDAMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
AMDAMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
AMDAMD Ryzen™ 7035 Series Processors with Radeon™ Graphics
AMDAMD EPYC™ Embedded 3000
AMDAMD EPYC™ Embedded 7002
AMDAMD EPYC™ Embedded 7003
AMDAMD EPYC™ Embedded 9003
AMDAMD Ryzen™ Embedded 7000
AMDAMD RyzenTM Embedded V3000
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:amd:epyc_7001:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "epyc_7001",
            "vendor": "amd",
            "versions": [
              {
                "status": "unaffected",
                "version": "1.0.0.k"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:epyc_7002:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "epyc_7002",
            "vendor": "amd",
            "versions": [
              {
                "status": "unaffected",
                "version": "1.0.0.g"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:epyc_9004:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "epyc_9004",
            "vendor": "amd",
            "versions": [
              {
                "status": "unaffected",
                "version": "1.0.0.2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "epyc_embedded_3000",
            "vendor": "amd",
            "versions": [
              {
                "status": "unaffected",
                "version": "1.1.0.a"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "epyc_embedded_7002",
            "vendor": "amd",
            "versions": [
              {
                "status": "unaffected",
                "version": "1.0.0.a"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "epyc_embedded_7003",
            "vendor": "amd",
            "versions": [
              {
                "status": "unaffected",
                "version": "1.0.0.7"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "epyc_embedded_9003",
            "vendor": "amd",
            "versions": [
              {
                "status": "unaffected",
                "version": "1.0.0.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_embedded_7000",
            "vendor": "amd",
            "versions": [
              {
                "status": "unaffected",
                "version": "1.0.0.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_embedded_v3000",
            "vendor": "amd",
            "versions": [
              {
                "status": "unaffected",
                "version": "1.0.0.8"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20578",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-15T15:56:35.845479Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-367",
                "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-18T20:03:43.905Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "packageName": "PI",
          "product": "AMD EPYC\u2122 7001 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "NaplesPI 1.0.0.K",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7002 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RomePI 1.0.0.G"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7003 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MilanPI 1.0.0.B"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9004 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "GenoaPI 1.0.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5 1.0.0.1"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8  1.0.0.7"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MendocinoPI-FT6 1.0.0.0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.9b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.9b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "SnowyOwl  PI 1.1.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7002",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbRomePI-SP3 1.0.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7003",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbMilanPI-SP3 1.0.0.7"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 9003",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbGenoaPI-SP5  1.0.0.0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 7000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedAM5PI  1.0.0.0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD RyzenTM Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP7r2 1.0.0.8"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow\nan attacker with ring0 privileges and access to the\nBIOS menu or UEFI shell to modify the communications \u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003ebuffer\u0026nbsp;\u003c/a\u003epotentially\nresulting in arbitrary code execution.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
            }
          ],
          "value": "A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow\nan attacker with ring0 privileges and access to the\nBIOS menu or UEFI shell to modify the communications buffer\u00a0potentially\nresulting in arbitrary code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T16:52:58.457Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20578",
    "datePublished": "2024-08-13T16:52:58.457Z",
    "dateReserved": "2022-10-27T18:53:39.757Z",
    "dateUpdated": "2025-03-18T20:03:43.905Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-21925
Vulnerability from cvelistv5
Published
2025-02-11 20:39
Modified
2025-06-27 21:55
Severity ?
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution.
References
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7027.html
Impacted products
AMDAMD EPYC™ 7001 Processors
AMDAMD EPYC™ 7002 Processors
AMDAMD EPYC™ 9004 Processors
AMDAMD EPYC™ 7003 Processors
AMDAMD Ryzen™ 3000 Series Desktop Processors
AMDAMD Ryzen™ 5000 Series Desktop Processors
AMDAMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
AMDAMD Ryzen™ 7000 Series Desktop Processors
AMDAMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
AMDAMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics
AMDAMD Ryzen™ 8000 Series Processor with Radeon™ Graphics
AMDAMD Ryzen™ Threadripper™ 3000 Series Processors
AMDAMD Ryzen™ Threadripper™ PRO 3000WX Series Processors
AMDAMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors
AMDAMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMDAMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
AMDAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
AMDAMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
AMDAMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
AMDAMD Ryzen™ 6000 Series Processor with Radeon™ Graphics
AMDAMD Ryzen™ 7035 Series Processor with Radeon™ Graphics
AMDAMD Ryzen™ 7040 Series Processors with Radeon™ Graphics
AMDAMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics
AMDAMD Ryzen™ 7000 Series Mobile Processors
AMDAMD EPYC™ Embedded 3000
AMDAMD EPYC™ Embedded 7002
AMDAMD EPYC™ Embedded 7003
AMDAMD EPYC™ Embedded 9004
AMDAMD Ryzen™ Embedded 5000
AMDAMD Ryzen™ Embedded 7000
AMDAMD Ryzen™ Embedded V2000
AMDAMD Ryzen™ Embedded V3000
AMDAMD Ryzen™ Embedded 8000
AMDAMD Ryzen™ Embedded R1000
AMDAMD Ryzen™ Embedded R2000
AMDAMD Ryzen™ Embedded V1000
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21925",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T21:01:07.683566Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T15:35:34.994Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "AMD EPYC\u2122 7001 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Naples PI 1.0.0.N"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD EPYC\u2122 7002 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Rome PI 1.0.0.K"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD EPYC\u2122 9004 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Genoa PI 1.0.0.D"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD EPYC\u2122 7003 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Milan PI 1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4PI  1.0.0.C"
            },
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.D"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.D"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.D"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5PI 1.2.0.2b"
            },
            {
              "status": "unaffected",
              "version": "ComboAM5PI 1.1.0.3b"
            },
            {
              "status": "unaffected",
              "version": "ComboAM5PI 1.0.0.a"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4PI  1.0.0.C"
            },
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.D"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.D"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 8000 Series Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5PI 1.2.0.2b"
            },
            {
              "status": "unaffected",
              "version": "ComboAM5PI 1.1.0.3b"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CastlePeakPI-SP3r3  1.0.0.D"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CastlePeakWSPI-sWRX8 1.0.0.F"
            },
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8 1.0.0.9"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX- Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8 1.0.0.9"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 7000 WX-Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "StormPeakPI-SP6  1.1.0.0h"
            },
            {
              "status": "unaffected",
              "version": "StormPeakPI-SP6  1.0.0.1j"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PicassoPI-FP5 1.0.1.2a"
            },
            {
              "status": "unaffected",
              "version": "PollockPI-FT5 1.0.0.8a"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PicassoPI-FP5 1.0.1.2a"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RenoirPI-FP6 1.0.0.Ea"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.1.1a"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MendocinoPI-FT6 1.0.0.7a"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 6000 Series Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7  1.0.0.Ba"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 7035 Series Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7  1.0.0.Ba"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PhoenixPI-FP8-FP7 1.1.8.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 8040 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PhoenixPI-FP8-FP7 1.1.8.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 7000 Series Mobile Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "DragonRangeFL1PI 1.0.0.3f"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD EPYC\u2122 Embedded 3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "SnowyOwlPI 1.1.0.E"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD EPYC\u2122 Embedded 7002",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbRomePI-SP3 1.0.0.D"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD EPYC\u2122 Embedded 7003",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbMilanPI-SP3 1.0.0.A"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD EPYC\u2122 Embedded 9004",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbGenoaPI 1.0.0.9"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 Embedded 5000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbAM4PI 1.0.0.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 Embedded 7000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedV2KAPI-FP6 1.0.0.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP6 1.0.0.B"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI_FP7R2 1.0.0.C"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 Embedded 8000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPhoenixPI-FP7r2_1.2.0.0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP5 1.2.0.F"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedR2KPIFP5 1.0.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP5 1.2.0.F"
            }
          ]
        }
      ],
      "datePublic": "2025-02-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution."
            }
          ],
          "value": "Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-27T21:55:43.707Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7027.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2024-21925",
    "datePublished": "2025-02-11T20:39:03.746Z",
    "dateReserved": "2024-01-03T16:43:09.232Z",
    "dateUpdated": "2025-06-27T21:55:43.707Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-46774
Vulnerability from cvelistv5
Published
2023-11-14 18:52
Modified
2024-10-11 18:07
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:L
Summary
Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.
References
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002vendor-advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002vendor-advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001vendor-advisory
Impacted products
AMDRyzen™ 3000 series Desktop Processors “Matisse"
AMDAMD Ryzen™ 5000 Series Desktop Processors “Vermeer”
AMDAMD Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT
AMDAMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3
AMDAMD Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS
AMD1st Gen AMD EPYC™ Processors
AMD2nd Gen AMD EPYC™ Processors
AMD3rd Gen AMD EPYC™ Processors
AMD4th Gen AMD EPYC™ Processors
AMDAMD EPYC™ Embedded 3000
AMDAMD EPYC™ Embedded 7002
AMDAMD EPYC™ Embedded 7003
AMDAMD Ryzen™ Embedded 5000
AMDAMD EPYC™ Embedded 7002
AMDAMD EPYC™ Embedded 3000
AMDAMD EPYC™ Embedded 7003
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.622Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-46774",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-11T17:51:52.542045Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-11T18:07:59.642Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 series Desktop Processors \u201cMatisse\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors  \u201cChagall\u201d WS",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "1st Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "2nd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "4th Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD EPYC\u2122 Embedded 3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD EPYC\u2122 Embedded 7002",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD EPYC\u2122 Embedded 7003",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122  Embedded 5000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD EPYC\u2122 Embedded 7002",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD EPYC\u2122 Embedded 3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD EPYC\u2122 Embedded 7003",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "datePublic": "2023-11-14T17:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient DRAM address validation in System\nManagement Unit (SMU) may allow an attacker to read/write from/to an invalid\nDRAM address, potentially resulting in denial-of-service.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "Insufficient DRAM address validation in System\nManagement Unit (SMU) may allow an attacker to read/write from/to an invalid\nDRAM address, potentially resulting in denial-of-service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-18T18:31:43.449Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-46774",
    "datePublished": "2023-11-14T18:52:11.012Z",
    "dateReserved": "2022-03-31T16:50:27.874Z",
    "dateUpdated": "2024-10-11T18:07:59.642Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-23829
Vulnerability from cvelistv5
Published
2024-06-18 19:01
Modified
2024-08-29 20:40
Severity ?
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.
References
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1041.html
Impacted products
AMDAMD Ryzen™ Threadripper™ PRO Processors 5900 WX-Series
AMDAMD Ryzen™ 6000 Series Mobile Processors and Workstations
AMDAMD Ryzen™ 7000 Series Desktop Processors
AMDAMD Ryzen™ 5000 Series Mobile Processors
AMDAMD Ryzen™ 5000 Series Desktop Processors
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
AMDAMD Ryzen™ 3000 Series Desktop Processors
AMDAMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
AMDAMD Ryzen™ 4000 Series Mobile Processors
AMDAMD Ryzen™ 3000 Series Mobile Processor / 2nd Gen AMD Ryzen™ Mobile Processor with Radeon™ Graphics
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMDAMD Ryzen™ Threadripper™ PRO Processor
AMD1st Gen AMD EPYC™ Processors
AMD2nd Gen AMD EPYC™ Processors
AMD3rd Gen AMD EPYC™ Processors
AMDAMD EPYC™ Embedded 3000
AMDAMD EPYC (TM) Embedded 7002
AMDAMD EPYC™ Embedded 7003
AMDAMD RyzenTM Embedded R1000
AMDAMD RyzenTM Embedded R2000
AMDAMD RyzenTM Embedded 5000
AMDAMD RyzenTM Embedded V1000
AMDAMD RyzenTM Embedded V2000
AMDAMD RyzenTM Embedded V3000
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:51:46.075Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1041.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:amd:ryzen_threadripper_pro_5945wx:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:amd:ryzen_threadripper_pro_5955wx:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:amd:ryzen_threadripper_pro_5965wx:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:amd:ryzen_threadripper_pro_5975wx:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:amd:ryzen_threadripper_pro_5995wx:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_threadripper_pro_5995wx",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:ryzen_6600h:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:amd:ryzen_6600hs:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:amd:ryzen_6600u:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:amd:ryzen_6800h:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:amd:ryzen_6800hs:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:amd:ryzen_6800u:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:amd:ryzen_6900hs:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:amd:ryzen_6900hx:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:amd:ryzen_6980hs:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:amd:ryzen_6980hx:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_6980hx",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-23829",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-05T17:32:15.481387Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-284",
                "description": "CWE-284 Improper Access Control",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-29T20:40:26.171Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors 5900 WX-Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 6000 Series Mobile Processors and Workstations",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Mobile Processor / 2nd Gen AMD Ryzen\u2122 Mobile Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processor",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "1st Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "2nd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "3rd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC (TM) Embedded 7002",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7003",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD RyzenTM Embedded R1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD RyzenTM Embedded R2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD RyzenTM Embedded 5000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD RyzenTM Embedded V1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD RyzenTM Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD RyzenTM Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "datePublic": "2024-06-11T18:54:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.\u003c/span\u003e\n\n"
            }
          ],
          "value": "A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-18T19:01:57.007Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1041.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2022-23829",
    "datePublished": "2024-06-18T19:01:24.315Z",
    "dateReserved": "2022-01-21T17:20:55.781Z",
    "dateUpdated": "2024-08-29T20:40:26.171Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-36347
Vulnerability from cvelistv5
Published
2025-06-27 22:14
Modified
2025-06-27 22:14
Severity ?
6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment.
References
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html
Impacted products
AMDAMD EPYC™ 7001 Series
AMDAMD EPYC™ 7002 Series
AMDAMD EPYC™ 7003 Series
AMDAMD EPYC™ 9004 Series
AMDAMD EPYC™ 4004 Series
AMDAMD EPYC™ 9005 Series
AMDAMD Instinct™ MI300A
AMDAMD Ryzen™ 5000 Series Desktop Processors
AMDAMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
AMDAMD Ryzen™ 3000 Series Desktop Processors
AMDAMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
AMDAMD Ryzen™ 7000 Series Desktop Processors
AMDAMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics
AMDAMD Ryzen™ 8000 Series Processor with Radeon™ Graphics
AMDAMD Ryzen™ 9000 Series Desktop Processors
AMDAMD Ryzen™ Threadripper™ 3000 Series Processors
AMDAMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors
AMDAMD Ryzen™ Threadripper™ PRO 3000WX Series Processors
AMDAMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMDAMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
AMDAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
AMDAMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
AMDAMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
AMDAMD Ryzen™ 6000 Series Processor with Radeon™ Graphics
AMDAMD Ryzen™ 7035 Series Processor with Radeon™ Graphics
AMDAMD Ryzen™ 7000 Series Processors with Radeon™ Graphics
AMDAMD Ryzen™ 7040 Series Processors with Radeon™ Graphics
AMDAMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics
AMDAMD Ryzen™ 7045 Series Mobile Processors
AMDAMD Ryzen™ AI 300 Series
AMDAMD Ryzen™ AI Max +
AMDAMD Ryzen™ 9000HX Series Mobile Processors
AMDAMD EPYC™ Embedded 3000
AMDAMD EPYC™ Embedded 7002
AMDAMD EPYC™ Embedded 7003
AMDAMD EPYC™ Embedded 8004
AMDAMD EPYC™ Embedded 9004
AMDAMD EPYC™ Embedded 97X4
AMDAMD Ryzen™ Embedded R1000
AMDAMD Ryzen™ Embedded R2000
AMDAMD Ryzen™ Embedded 5000
AMDAMD Ryzen™ Embedded 7000
AMDAMD Ryzen™ Embedded V1000
AMDAMD Ryzen™Embedded V2000
AMDAMD Ryzen™Embedded V3000
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7001 Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "NaplesPI 1.0.0.P"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7002 Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RomePI 1.0.0.L"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7003 Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MilanPI 1.0.0.F"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9004 Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Genoa 1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 4004 Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5PI1.0.0.a"
            },
            {
              "status": "unaffected",
              "version": "ComboAM5PI1.1.0.3c"
            },
            {
              "status": "unaffected",
              "version": "ComboAM5PI1.2.0.3"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9005 Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "TurinPI 1.0.0.4"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Instinct\u2122 MI300A",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MI300PI_SR5 1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4PI 1.0.0.D"
            },
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4PI 1.0.0.D"
            },
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5PI 1.0.0.a"
            },
            {
              "status": "unaffected",
              "version": "ComboAM5PI 1.1.0.3c"
            },
            {
              "status": "unaffected",
              "version": "ComboAM5PI 1.2.0.3"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 8000 Series Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5PI 1.1.0.3c"
            },
            {
              "status": "unaffected",
              "version": "ComboAM5PI 1.2.0.3"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 9000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5PI 1.2.0.3c"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CastlePeakPI-SP3r3 1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 7000 WX-Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "StormPeakPI-SP6 1.0.0.1k"
            },
            {
              "status": "unaffected",
              "version": "StormPeakPI-SP6 1.1.0.0i"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8 1.0.0.B"
            },
            {
              "status": "unaffected",
              "version": "CastlePeakWSPI-sWRX8 1.0.0.g"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX- Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8 1.0.0.B"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PicassoPI-FP5 1.0.1.2b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PicassoPI-FP5 1.0.1.2b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RenoirPI-FP6 1.0.0.Eb"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.1.1b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MendocinoPI-FT6 1.0.0.7b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 6000 Series Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.Bb"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7035 Series Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.Bb"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.1.1b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PhoenixPI-FP8-FP7 1.2.0.0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 8040 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PhoenixPI-FP8-FP7 1.2.0.0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7045 Series Mobile Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "DragonRangeFL1 1.0.0.3g"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 AI 300 Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "StrixKrakenPI-FP8_1.1.0.0b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 AI Max +",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "StrixHaloPI-FP11_1.0.0.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 9000HX Series Mobile Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "FireRangeFL1PI 1.0.0.0a"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "SnowyOwl PI 1.1.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7002",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbRomePI-SP3 1.0.0.D"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7003",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbMilan PI-SP3 1.0.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 8004",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbGenoaPI-SP5  1.0.0.9"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 9004",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbGenoaPI-SP5 1.0.0.9"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 97X4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbGenoaPI-SP5 1.0.0.9"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP5  1.2.0.F"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedR2KPI  1.0.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 5000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbAM4PI  1.0.0.7"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 7000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedAM5PI  1.0.0.3"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP5 1.2.0.F"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP6 1.0.0.B"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP7R2 1.0.0.C"
            }
          ]
        }
      ],
      "datePublic": "2025-06-27T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment.\u003cbr\u003e"
            }
          ],
          "value": "Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347 Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-27T22:14:01.944Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2024-36347",
    "datePublished": "2025-06-27T22:14:01.944Z",
    "dateReserved": "2024-05-23T19:44:47.201Z",
    "dateUpdated": "2025-06-27T22:14:01.944Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-20521
Vulnerability from cvelistv5
Published
2023-11-14 18:52
Modified
2024-08-02 09:05
Severity ?
3.3 (Low) - CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L
Summary
TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
References
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002vendor-advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002vendor-advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001vendor-advisory
Impacted products
AMDAthlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4
AMDRyzen™ Threadripper™ 2000 Series Processors “Colfax”
AMDAthlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” FP5
AMDAthlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”
AMDRyzen™ 3000 Series Mobile Processor with Radeon™ Graphics “Picasso” FP5
AMD1st Gen AMD EPYC™ Processors
AMD2nd Gen AMD EPYC™ Processors
AMD3rd Gen AMD EPYC™ Processors
AMDAMD EPYC™ Embedded 3000
AMDAMD EPYC™ Embedded 7002
AMDAMD EPYC™ Embedded 7003
AMDAMD Ryzen™ Embedded R1000
AMDAMD Ryzen™ Embedded R2000
AMDAMD Ryzen™ Embedded V1000
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20521",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-11-27T19:38:18.334372Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T14:56:31.535Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:36.873Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics \u201cPicasso\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 2000 Series Processors \u201cColfax\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d FP5",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics   \u201cPollock\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics \u201cPicasso\u201d FP5",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "1st Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "2nd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD EPYC\u2122 Embedded 3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD EPYC\u2122 Embedded 7002",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD EPYC\u2122 Embedded 7003",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded R1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded R2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded V1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "datePublic": "2023-11-14T17:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "LOW",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-18T18:42:56.250Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20521",
    "datePublished": "2023-11-14T18:52:31.662Z",
    "dateReserved": "2022-10-27T18:53:39.737Z",
    "dateUpdated": "2024-08-02T09:05:36.873Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-31315
Vulnerability from cvelistv5
Published
2024-08-09 17:08
Modified
2024-09-12 12:56
Severity ?
7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.
References
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.htmlvendor-advisory
Impacted products
AMD3rd Gen AMD EPYC™ Processors
AMD1st Gen AMD EPYC™ Processors
AMD2nd Gen AMD EPYC™ Processors
AMD4th Gen AMD EPYC™ Processors
AMDAMD EPYC™ Embedded 3000
AMDAMD EPYC™ Embedded 7002
AMDAMD EPYC™ Embedded 7003
AMDAMD EPYC™ Embedded 9003
AMDAMD Ryzen™ Embedded R1000
AMDAMD Ryzen™ Embedded R2000
AMDAMD Ryzen™ Embedded 5000
AMDAMD Ryzen™ Embedded 7000
AMDAMD Ryzen™ Embedded V1000
AMDAMD Ryzen™ Embedded V2000
AMDAMD Ryzen™ Embedded V3000
AMDAMD Ryzen™ 3000 Series Desktop Processors
AMDAMD Ryzen™ 5000 Series Desktop Processors
AMDAMD Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics
AMDAMD Ryzen™ 7000 Series Desktop Processors
AMDAMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
AMDAMD Ryzen™ Threadripper™ 3000 Series Processors
AMDAMD Ryzen™ Threadripper™ PRO Processors
AMDAMD Ryzen™ Threadripper™ PRO 3000WX Series Processors
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMDAMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
AMDAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
AMDAMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics
AMDAMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics
AMDAMD Ryzen™ 7045 Series Mobile Processors
AMDAMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
AMDAMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
AMDAMD Ryzen™ 7035 Series Processors with Radeon™ Graphics
AMDAMD Ryzen™ 8000 Series Processors with Radeon™ Graphics
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-09-12T12:56:32.250Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.darkreading.com/remote-workforce/amd-issues-updates-for-silicon-level-sinkclose-flaw"
          },
          {
            "url": "https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Enrique%20Nissim%20Krzysztof%20Okupski%20-%20AMD%20Sinkclose%20Universal%20Ring-2%20Privilege%20Escalation.pdf"
          },
          {
            "url": "https://news.ycombinator.com/item?id=41475975"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:amd:1st_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "1st_gen_amd_epyc_processors",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "naples.pi.1.0.0.m",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:3rd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "3rd_gen_amd_epyc_processors",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "milan.pi.1.0.0.d",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:2nd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "2nd_gen_amd_epyc_processors",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "rome.pi.1.0.0.j",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_3000_series_desktop_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_3000_series_desktop_processors",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:4th_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "4th_gen_amd_epyc_processors",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "genoa_pi_1.0.0.c",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "epyc_embedded_3000",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "epyc_embedded_7002",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "epyc_embedded_7003",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "epyc_embedded_9003",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "emgenoa.pi.1.0.0.7",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_embedded_r1000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_embedded_r1000",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_embedded_r2000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_embedded_r2000",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_embedded_7000",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_embedded_5000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_embedded_5000",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_embedded_v1000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_embedded_v1000",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_embedded_v3000",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_embedded_v2000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_embedded_v2000",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_7040_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_7040_series_mobile_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "phoenixpi-fp8-fp7.1.1.0.3",
                "status": "unaffected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_5000_series_desktop_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_5000_series_desktop_processors",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "comboam4v2pi.1.2.0.cb",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_5000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_5000_series_desktop_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "comboam4v2pi.1.2.0.cb",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_7000_desktop_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_7000_desktop_processors",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "comboam5pi.1.2.0.1",
                "status": "affected",
                "version": "0",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_4000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_4000_series_desktop_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "comboam4v2pi.1.2.0.cb",
                "status": "affected",
                "version": "0",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_threadripper_3000_series_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_threadripper_3000_series_processors",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "castlepeakpl-sp3r3.1.0.0.b",
                "status": "affected",
                "version": "0",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_threadripper_pro_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_threadripper_pro_processors",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "chagallwspi-swrx8.1.0.0.8",
                "status": "affected",
                "version": "various",
                "versionType": "python"
              },
              {
                "lessThan": "castlepeakwspi-swrx8.1.0.0.8",
                "status": "affected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_threadripper_pro_3000wx_series_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_threadripper_pro_3000wx_series_processors",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "chagallwspi-swrx8.1.0.0.8",
                "status": "affected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:athlon_3000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "athlon_3000_series_mobile_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "picasso-fp5.1.0.1.2",
                "status": "affected",
                "version": "various",
                "versionType": "python"
              },
              {
                "lessThan": "pollockpi-ft5.1.0.0.8",
                "status": "affected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_3000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_3000_series_desktop_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "picasso-fp5.1.0.1.2",
                "status": "affected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_4000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_4000_series_mobile_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "renoirpi-fp6.1.0.0.e",
                "status": "unaffected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_5000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_5000_series_mobile_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "cezannepi-fp6.1.0.1.1",
                "status": "unaffected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_7030_series-mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_7030_series-mobile_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "cezannepi-fp6",
                "status": "affected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_7045_series_mobile_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_7045_series_mobile_processors",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "dragonrangefl1.1.0.0.3e",
                "status": "unaffected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_6000_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_6000_processors_with_radeongraphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "remembrandtpi-fp7.1.0.0.b",
                "status": "unaffected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_7020_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_7020_processors_with_radeongraphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "mendocinopi-ft6.1.0.0.7",
                "status": "affected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_7035_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_7035_processors_with_radeongraphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "remembrandtpi-fp7.1.0.0.b",
                "status": "unaffected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_8000_series_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_8000_series_processors_with_radeongraphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "comboam5pi.1.2.0.1",
                "status": "unaffected",
                "version": "various",
                "versionType": "python"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "ADJACENT_NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 6.8,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-31315",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-09T17:29:59.373286Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-27T14:54:02.319Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "product": "3rd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "Milan PI 1.0.0.D",
              "status": "affected",
              "version": "various",
              "versionType": "Platform Initialization"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "1st Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "Naples PI 1.0.0.M",
              "status": "affected",
              "version": "various",
              "versionType": "Platform Initialization"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "2nd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "Rome PI 1.0.0.J",
              "status": "affected",
              "version": "various",
              "versionType": "Platform Initialization"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "4th Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "Genoa PI 1.0.0.C",
              "status": "unaffected",
              "version": "various",
              "versionType": "Platform Initialization"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7002",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7003",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 9003",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "EmbGenoaPI 1.0.0.7",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 5000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 7000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "ComboAM4v2PI 1.2.0.cb",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "ComboAM4v2PI 1.2.0.cb",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "ComboAM5PI 1.2.0.1",
              "status": "affected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "ComboAM4v2PI 1.2.0.cb",
              "status": "affected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "CastlePeakPI-SP3r3 1.0.0.B",
              "status": "affected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "ChagallWSPI-sWRX8 1.0.0.8",
              "status": "affected",
              "version": "various",
              "versionType": "PI"
            },
            {
              "lessThan": "CastlePeakWSPI-sWRX8 1.0.0.D",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "ChagallWSPI-sWRX8 1.0.0.8",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "Picasso-FP5 1.0.1.2",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            },
            {
              "lessThan": "PollockPI-FT5 1.0.0.8",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "Picasso-FP5 1.0.1.2",
              "status": "affected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "RenoirPI-FP6 1.0.0.E",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "CezannePI-FP6 1.0.1.1",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "CezannePI-FP6",
              "status": "affected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "PhoenixPI-FP8-FP7 1.1.0.3",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7045 Series Mobile Processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "DragonRangeFL1 1.0.0.3e",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "RembrandtPI-FP7 1.0.0.B",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "MendocinoPI-FT6 1.0.0.7",
              "status": "affected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "RembrandtPI-FP7 1.0.0.B",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 8000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "ComboAM5PI 1.2.0.1",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        }
      ],
      "datePublic": "2024-08-09T12:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.\u003c/span\u003e"
            }
          ],
          "value": "Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T15:37:24.501Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-31315",
    "datePublished": "2024-08-09T17:08:24.237Z",
    "dateReserved": "2023-04-27T15:25:41.423Z",
    "dateUpdated": "2024-09-12T12:56:32.250Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}