ByteOS

Product

Ryzen™ Series

Versions

Affected

various

Vendor

Product

Athlon™ Series

Versions

Affected

various

Problem Types

Type	CWE ID	Description
text	N/A	tbd

Type: text

CWE ID: N/A

Description: tbd

References

Hyperlink	Resource
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027	x_refsource_MISC

Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027	x_refsource_MISC x_transferred

Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027

Resource:

x_refsource_MISC

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:psirt@amd.com

Published At:16 Nov, 2021 | 19:15

Updated At:12 May, 2022 | 18:16

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C

Type: Primary

Version: 3.1

Base score: 7.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 7.2

Base severity: HIGH

Vector:

AV:L/AC:L/Au:N/C:C/I:C/A:C

CPE Matches

cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*

>>epyc_7003_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)

cpe:2.3:h:amd:epyc_7003:-:*:*:*:*:*:*:*

>>epyc_7003>>-

cpe:2.3:o:amd:epyc_7002_firmware:*:*:*:*:*:*:*:*

>>epyc_7002_firmware>>Versions before romepi-sp3_1.0.0.c(exclusive)

cpe:2.3:h:amd:epyc_7002:-:*:*:*:*:*:*:*

>>epyc_7002>>-

cpe:2.3:o:amd:epyc_7001_firmware:*:*:*:*:*:*:*:*

>>epyc_7001_firmware>>Versions before naplespi-sp3_1.0.0.g(exclusive)

cpe:2.3:h:amd:epyc_7001:-:*:*:*:*:*:*:*

>>epyc_7001>>-

cpe:2.3:o:amd:epyc_72f3_firmware:*:*:*:*:*:*:*:*

>>epyc_72f3_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)

cpe:2.3:h:amd:epyc_72f3:-:*:*:*:*:*:*:*

>>epyc_72f3>>-

cpe:2.3:o:amd:epyc_7313_firmware:*:*:*:*:*:*:*:*

>>epyc_7313_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)

cpe:2.3:h:amd:epyc_7313:-:*:*:*:*:*:*:*

>>epyc_7313>>-

cpe:2.3:o:amd:epyc_7313p_firmware:*:*:*:*:*:*:*:*

>>epyc_7313p_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)

cpe:2.3:h:amd:epyc_7313p:-:*:*:*:*:*:*:*

>>epyc_7313p>>-

cpe:2.3:o:amd:epyc_7343_firmware:*:*:*:*:*:*:*:*

>>epyc_7343_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)

cpe:2.3:h:amd:epyc_7343:-:*:*:*:*:*:*:*

>>epyc_7343>>-

cpe:2.3:o:amd:epyc_73f3_firmware:*:*:*:*:*:*:*:*

>>epyc_73f3_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)

cpe:2.3:h:amd:epyc_73f3:-:*:*:*:*:*:*:*

>>epyc_73f3>>-

cpe:2.3:o:amd:epyc_7413_firmware:*:*:*:*:*:*:*:*

>>epyc_7413_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)

cpe:2.3:h:amd:epyc_7413:-:*:*:*:*:*:*:*

>>epyc_7413>>-

cpe:2.3:o:amd:epyc_7443_firmware:*:*:*:*:*:*:*:*

>>epyc_7443_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)

cpe:2.3:h:amd:epyc_7443:-:*:*:*:*:*:*:*

>>epyc_7443>>-

cpe:2.3:o:amd:epyc_7443p_firmware:*:*:*:*:*:*:*:*

>>epyc_7443p_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)

cpe:2.3:h:amd:epyc_7443p:-:*:*:*:*:*:*:*

>>epyc_7443p>>-

cpe:2.3:o:amd:epyc_7453_firmware:*:*:*:*:*:*:*:*

>>epyc_7453_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)

cpe:2.3:h:amd:epyc_7453:-:*:*:*:*:*:*:*

>>epyc_7453>>-

cpe:2.3:o:amd:epyc_74f3_firmware:*:*:*:*:*:*:*:*

>>epyc_74f3_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)

cpe:2.3:h:amd:epyc_74f3:-:*:*:*:*:*:*:*

>>epyc_74f3>>-

cpe:2.3:o:amd:epyc_7513_firmware:*:*:*:*:*:*:*:*

>>epyc_7513_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)

cpe:2.3:h:amd:epyc_7513:-:*:*:*:*:*:*:*

>>epyc_7513>>-

cpe:2.3:o:amd:epyc_7543_firmware:*:*:*:*:*:*:*:*

>>epyc_7543_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)

cpe:2.3:h:amd:epyc_7543:-:*:*:*:*:*:*:*

>>epyc_7543>>-

cpe:2.3:o:amd:epyc_7543p_firmware:*:*:*:*:*:*:*:*

>>epyc_7543p_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)

cpe:2.3:h:amd:epyc_7543p:-:*:*:*:*:*:*:*

>>epyc_7543p>>-

cpe:2.3:o:amd:epyc_75f3_firmware:*:*:*:*:*:*:*:*

>>epyc_75f3_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)

cpe:2.3:h:amd:epyc_75f3:-:*:*:*:*:*:*:*

>>epyc_75f3>>-

cpe:2.3:o:amd:epyc_7643_firmware:*:*:*:*:*:*:*:*

>>epyc_7643_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)

cpe:2.3:h:amd:epyc_7643:-:*:*:*:*:*:*:*

>>epyc_7643>>-

cpe:2.3:o:amd:epyc_7663_firmware:*:*:*:*:*:*:*:*

>>epyc_7663_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)

cpe:2.3:h:amd:epyc_7663:-:*:*:*:*:*:*:*

>>epyc_7663>>-

cpe:2.3:o:amd:epyc_7713_firmware:*:*:*:*:*:*:*:*

>>epyc_7713_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)

cpe:2.3:h:amd:epyc_7713:-:*:*:*:*:*:*:*

>>epyc_7713>>-

cpe:2.3:o:amd:epyc_7713p_firmware:*:*:*:*:*:*:*:*

>>epyc_7713p_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)

cpe:2.3:h:amd:epyc_7713p:-:*:*:*:*:*:*:*

>>epyc_7713p>>-

cpe:2.3:o:amd:epyc_7763_firmware:*:*:*:*:*:*:*:*

>>epyc_7763_firmware>>Versions before milanpi-sp3_1.0.0.4(exclusive)

cpe:2.3:h:amd:epyc_7763:-:*:*:*:*:*:*:*

>>epyc_7763>>-

cpe:2.3:o:amd:epyc_7232p_firmware:*:*:*:*:*:*:*:*

>>epyc_7232p_firmware>>Versions before romepi-sp3_1.0.0.c(exclusive)

cpe:2.3:h:amd:epyc_7232p:-:*:*:*:*:*:*:*

>>epyc_7232p>>-

cpe:2.3:o:amd:epyc_7252_firmware:*:*:*:*:*:*:*:*

>>epyc_7252_firmware>>Versions before romepi-sp3_1.0.0.c(exclusive)

cpe:2.3:h:amd:epyc_7252:-:*:*:*:*:*:*:*

>>epyc_7252>>-

cpe:2.3:o:amd:epyc_7262_firmware:*:*:*:*:*:*:*:*

>>epyc_7262_firmware>>Versions before romepi-sp3_1.0.0.c(exclusive)

cpe:2.3:h:amd:epyc_7262:-:*:*:*:*:*:*:*

>>epyc_7262>>-

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027	psirt@amd.com	N/A

Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027

Source: psirt@amd.com

Resource: N/A

Similar CVEs

59Records found

CVE-2020-12983

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.05% / 16.35%

7 Day CHG~0.00%

Published-11 Jun, 2021 | 21:49

Updated-17 Sep, 2024 | 02:57

An out of bounds write vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privileges or denial of service.

Vendor-Advanced Micro Devices, Inc.Microsoft Corporation

Product-radeon_software radeon_pro_software windows_10 AMD Radeon Software

CWE ID-CWE-787

Out-of-bounds Write

CVE-2020-12903

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.05% / 16.59%

7 Day CHG~0.00%

Published-15 Nov, 2021 | 19:44

Updated-17 Sep, 2024 | 00:52

Out of Bounds Write and Read in AMD Graphics Driver for Windows 10 in Escape 0x6002d03 may lead to escalation of privilege or denial of service.

Vendor-Advanced Micro Devices, Inc.Microsoft Corporation

Product-radeon_software windows_10 AMD Radeon Software

CWE ID-CWE-787

Out-of-bounds Write

CVE-2021-46771

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.10% / 28.98%

7 Day CHG~0.00%

Published-10 May, 2022 | 18:30

Updated-17 Sep, 2024 | 04:09

Insufficient validation of addresses in AMD Secure Processor (ASP) firmware system call may potentially lead to arbitrary code execution by a compromised user application.

CWE ID-CWE-20

Improper Input Validation

CVE-2021-26353

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.13% / 33.17%

7 Day CHG~0.00%

Published-10 May, 2022 | 18:33

Updated-03 Aug, 2024 | 20:26

Failure to validate inputs in SMM may allow an attacker to create a mishandled error leaving the DRTM UApp in a partially initialized state potentially resulting in loss of memory integrity.

CWE ID-CWE-665

Improper Initialization

CVE-2021-26398

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.05% / 14.56%

7 Day CHG~0.00%

Published-10 Jan, 2023 | 20:56

Updated-09 Apr, 2025 | 14:38

Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution.

Product-epyc_7543 epyc_7502_firmware epyc_7402 epyc_7262_firmware epyc_7371_firmware epyc_7261 epyc_7451 epyc_7282_firmware epyc_7f32 epyc_7551_firmware epyc_7272_firmware epyc_7573x epyc_7713p epyc_7443 epyc_7513 epyc_7232p_firmware epyc_7702 epyc_7453 epyc_7373x epyc_7513_firmware epyc_7542 epyc_7281_firmware epyc_7413_firmware epyc_7h12_firmware epyc_7002 epyc_7643_firmware epyc_7f52 epyc_75f3 epyc_7373x_firmware epyc_7001 epyc_7f32_firmware epyc_7743_firmware epyc_7f72_firmware epyc_7662_firmware epyc_7502 epyc_75f3_firmware epyc_7001_firmware epyc_7343_firmware epyc_7281 epyc_7551 epyc_7551p epyc_7313p epyc_7002_firmware epyc_7551p_firmware epyc_7601_firmware epyc_7573x_firmware epyc_7352 epyc_7713_firmware epyc_7401 epyc_7742 epyc_7272 epyc_7713 epyc_7003_firmware epyc_7443p_firmware epyc_7773x epyc_7003 epyc_7261_firmware epyc_7742_firmware epyc_7501 epyc_7501_firmware epyc_7301_firmware epyc_7743 epyc_7443_firmware epyc_7402p epyc_7343 epyc_7252_firmware epyc_7543_firmware epyc_7542_firmware epyc_7763_firmware epyc_7313p_firmware epyc_7252 epyc_7502p epyc_7302p_firmware epyc_7642_firmware epyc_7h12 epyc_7452 epyc_7543p_firmware epyc_7401p epyc_7302 epyc_7601 epyc_7232p epyc_7663 epyc_7552_firmware epyc_7773x_firmware epyc_72f3_firmware epyc_7371 epyc_7f72 epyc_7662 epyc_7642 epyc_7451_firmware epyc_7532_firmware epyc_7502p_firmware epyc_7413 epyc_7301 epyc_7401p_firmware epyc_7313 epyc_7663_firmware epyc_7351_firmware epyc_7251 epyc_7552 epyc_7302p epyc_7702p_firmware epyc_74f3_firmware epyc_7302_firmware epyc_7763 epyc_7402_firmware epyc_7713p_firmware epyc_73f3_firmware epyc_7702p epyc_7f52_firmware epyc_7262 epyc_7251_firmware epyc_7401_firmware epyc_72f3 epyc_7643 epyc_7452_firmware epyc_7402p_firmware epyc_7351 epyc_7313_firmware epyc_7543p epyc_7443p epyc_7453_firmware epyc_7282 epyc_7702_firmware epyc_7352_firmware epyc_74f3 epyc_7532 epyc_73f3 3rd Gen EPYC 2nd Gen EPYC 1st Gen EPYC

CWE ID-CWE-787

Out-of-bounds Write

CVE-2021-26331

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.05% / 14.79%

7 Day CHG~0.00%

Published-16 Nov, 2021 | 18:09

Updated-16 Sep, 2024 | 21:03

AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution.

Product-epyc_7543 epyc_7502_firmware epyc_7402 epyc_7262_firmware epyc_7443_firmware epyc_7402p epyc_7343 epyc_7451 epyc_7252_firmware epyc_7282_firmware epyc_7543_firmware epyc_7542_firmware epyc_7f32 epyc_7763_firmware epyc_7551_firmware epyc_7272_firmware epyc_7713p epyc_7443 epyc_7513 epyc_7313p_firmware epyc_7252 epyc_7502p epyc_7232p_firmware epyc_7702 epyc_7302p_firmware epyc_7351p_firmware epyc_7453 epyc_7642_firmware epyc_7452 epyc_7513_firmware epyc_7543p_firmware epyc_7542 epyc_7401p epyc_7281_firmware epyc_7413_firmware epyc_7302 epyc_7601 epyc_7232p epyc_7002 epyc_7643_firmware epyc_7f52 epyc_7663 epyc_7552_firmware epyc_75f3 epyc_72f3_firmware epyc_7001 epyc_7f72 epyc_7f32_firmware epyc_7662 epyc_7502 epyc_7001_firmware epyc_75f3_firmware epyc_7662_firmware epyc_7f72_firmware epyc_7642 epyc_7451_firmware epyc_7343_firmware epyc_7532_firmware epyc_7281 epyc_7551 epyc_7502p_firmware epyc_7413 epyc_7301 epyc_7551p epyc_7313p epyc_7401p_firmware epyc_7002_firmware epyc_7313 epyc_7351p epyc_7551p_firmware epyc_7663_firmware epyc_7601_firmware epyc_7351_firmware epyc_7251 epyc_7532 epyc_7552 epyc_7302p epyc_7702p_firmware epyc_74f3_firmware epyc_7352 epyc_7763 epyc_7302_firmware epyc_7713_firmware epyc_7401 epyc_7402_firmware epyc_7742 epyc_7713p_firmware epyc_7272 epyc_73f3_firmware epyc_7702p epyc_7f52_firmware epyc_7262 epyc_7713 epyc_7003_firmware epyc_7443p_firmware epyc_7003 epyc_7251_firmware epyc_7401_firmware epyc_72f3 epyc_7643 epyc_7402p_firmware epyc_7452_firmware epyc_7351 epyc_7313_firmware epyc_7543p epyc_7443p epyc_7742_firmware epyc_7453_firmware epyc_7282 epyc_7501 epyc_7501_firmware epyc_7702_firmware epyc_74f3 epyc_7352_firmware epyc_7301_firmware epyc_73f3 2nd Gen AMD EPYC™3rd Gen AMD EPYC™1st Gen AMD EPYC™

CWE ID-CWE-20

Improper Input Validation

CVE-2021-26392

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.12% / 31.31%

7 Day CHG~0.00%

Published-09 Nov, 2022 | 20:44

Updated-16 Sep, 2024 | 21:15

Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2021-26316

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.07% / 23.09%

7 Day CHG~0.00%

Published-10 Jan, 2023 | 19:46

Updated-09 Apr, 2025 | 15:19

Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution.

CWE ID-CWE-20

Improper Input Validation

CVE-2024-21938

Matching Score-8

Matching Score-8

CVSS Score-7.3||HIGH

EPSS-0.02% / 3.97%

7 Day CHG~0.00%

Published-12 Nov, 2024 | 17:14

Updated-18 Dec, 2024 | 19:00

Incorrect default permissions in the AMD Management Plugin for the Microsoft® System Center Configuration Manager (SCCM) installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.