Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-26404

Summary
Assigner-AMD
Assigner Org ID-b58fc414-a1e4-4f92-9d70-1add41838648
Published At-10 Jan, 2023 | 20:56
Updated At-08 Apr, 2025 | 20:22
Rejected At-
Credits

Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:AMD
Assigner Org ID:b58fc414-a1e4-4f92-9d70-1add41838648
Published At:10 Jan, 2023 | 20:56
Updated At:08 Apr, 2025 | 20:22
Rejected At:
▼CVE Numbering Authority (CNA)

Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure.

Affected Products
Vendor
Advanced Micro Devices, Inc.AMD
Product
3rd Gen EPYC
Package Name
AGESA
Platforms
  • x86
Default Status
unaffected
Versions
Affected
  • various
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032
vendor-advisory
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032
vendor-advisory
x_transferred
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032
Resource:
vendor-advisory
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20 Improper Input Validation
Type: CWE
CWE ID: CWE-20
Description: CWE-20 Improper Input Validation
Metrics
VersionBase scoreBase severityVector
3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@amd.com
Published At:11 Jan, 2023 | 08:15
Updated At:07 Nov, 2023 | 03:31

Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CPE Matches
Advanced Micro Devices, Inc.
amd
>>epyc_7003_firmware>>Versions before milanpi-sp3_1.0.0.9(exclusive)
cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7003>>-
cpe:2.3:h:amd:epyc_7003:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7313_firmware>>Versions before milanpi-sp3_1.0.0.9(exclusive)
cpe:2.3:o:amd:epyc_7313_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7313>>-
cpe:2.3:h:amd:epyc_7313:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7313p_firmware>>Versions before milanpi-sp3_1.0.0.9(exclusive)
cpe:2.3:o:amd:epyc_7313p_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7313p>>-
cpe:2.3:h:amd:epyc_7313p:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7343_firmware>>Versions before milanpi-sp3_1.0.0.9(exclusive)
cpe:2.3:o:amd:epyc_7343_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7343>>-
cpe:2.3:h:amd:epyc_7343:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7373x_firmware>>Versions before milanpi-sp3_1.0.0.9(exclusive)
cpe:2.3:o:amd:epyc_7373x_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7373x>>-
cpe:2.3:h:amd:epyc_7373x:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_73f3_firmware>>Versions before milanpi-sp3_1.0.0.9(exclusive)
cpe:2.3:o:amd:epyc_73f3_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_73f3>>-
cpe:2.3:h:amd:epyc_73f3:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7413_firmware>>Versions before milanpi-sp3_1.0.0.9(exclusive)
cpe:2.3:o:amd:epyc_7413_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7413>>-
cpe:2.3:h:amd:epyc_7413:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7443_firmware>>Versions before milanpi-sp3_1.0.0.9(exclusive)
cpe:2.3:o:amd:epyc_7443_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7443>>-
cpe:2.3:h:amd:epyc_7443:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7443p_firmware>>Versions before milanpi-sp3_1.0.0.9(exclusive)
cpe:2.3:o:amd:epyc_7443p_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7443p>>-
cpe:2.3:h:amd:epyc_7443p:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7453_firmware>>Versions before milanpi-sp3_1.0.0.9(exclusive)
cpe:2.3:o:amd:epyc_7453_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7453>>-
cpe:2.3:h:amd:epyc_7453:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7473x_firmware>>Versions before milanpi-sp3_1.0.0.9(exclusive)
cpe:2.3:o:amd:epyc_7473x_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7473x>>-
cpe:2.3:h:amd:epyc_7473x:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_74f3_firmware>>Versions before milanpi-sp3_1.0.0.9(exclusive)
cpe:2.3:o:amd:epyc_74f3_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_74f3>>-
cpe:2.3:h:amd:epyc_74f3:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7513_firmware>>Versions before milanpi-sp3_1.0.0.9(exclusive)
cpe:2.3:o:amd:epyc_7513_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7513>>-
cpe:2.3:h:amd:epyc_7513:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7543_firmware>>Versions before milanpi-sp3_1.0.0.9(exclusive)
cpe:2.3:o:amd:epyc_7543_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7543>>-
cpe:2.3:h:amd:epyc_7543:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7543p_firmware>>Versions before milanpi-sp3_1.0.0.9(exclusive)
cpe:2.3:o:amd:epyc_7543p_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7543p>>-
cpe:2.3:h:amd:epyc_7543p:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7573x_firmware>>Versions before milanpi-sp3_1.0.0.9(exclusive)
cpe:2.3:o:amd:epyc_7573x_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7573x>>-
cpe:2.3:h:amd:epyc_7573x:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7643_firmware>>Versions before milanpi-sp3_1.0.0.9(exclusive)
cpe:2.3:o:amd:epyc_7643_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7643>>-
cpe:2.3:h:amd:epyc_7643:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_75f3_firmware>>Versions before milanpi-sp3_1.0.0.9(exclusive)
cpe:2.3:o:amd:epyc_75f3_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_75f3>>-
cpe:2.3:h:amd:epyc_75f3:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7663_firmware>>Versions before milanpi-sp3_1.0.0.9(exclusive)
cpe:2.3:o:amd:epyc_7663_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7663>>-
cpe:2.3:h:amd:epyc_7663:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7713_firmware>>Versions before milanpi-sp3_1.0.0.9(exclusive)
cpe:2.3:o:amd:epyc_7713_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7713>>-
cpe:2.3:h:amd:epyc_7713:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7713p_firmware>>Versions before milanpi-sp3_1.0.0.9(exclusive)
cpe:2.3:o:amd:epyc_7713p_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7713p>>-
cpe:2.3:h:amd:epyc_7713p:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7763_firmware>>Versions before milanpi-sp3_1.0.0.9(exclusive)
cpe:2.3:o:amd:epyc_7763_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7763>>-
cpe:2.3:h:amd:epyc_7763:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7773x_firmware>>Versions before milanpi-sp3_1.0.0.9(exclusive)
cpe:2.3:o:amd:epyc_7773x_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7773x>>-
cpe:2.3:h:amd:epyc_7773x:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032psirt@amd.com
Vendor Advisory
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032
Source: psirt@amd.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

140Records found
CVE-2022-23820
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.38%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 18:52
Updated-03 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_9_5900xryzen_5_6600h_firmwareryzen_5_3580uathlon_3015ceryzen_7_4800u_firmwareryzen_5_5500x_firmwareryzen_5_pro_5645ryzen_3_3100_firmwareryzen_threadripper_2950x_firmwareryzen_7_7735hs_firmwareryzen_9_3900xryzen_5_pro_3350ge_firmwareryzen_9_5900x_firmwareryzen_9_6900hx_firmwareryzen_9_5980hxathlon_3015eryzen_7_5800hsryzen_5_5500hryzen_5_5600xryzen_9_5900_firmwareryzen_5_5600hsryzen_5_3600xt_firmwareryzen_7_5825uryzen_7_5825u_firmwareryzen_5_3600x_firmwareryzen_7_3750h_firmwareryzen_threadripper_3960x_firmwareryzen_5_6600hryzen_threadripper_3960xryzen_threadripper_2950xryzen_5_4500u_firmwareryzen_9_6980hxryzen_threadripper_pro_3975wxryzen_5_5560uryzen_3_3100ryzen_7_3750hryzen_5_6600hsryzen_7_3780uryzen_7_pro_5845athlon_3015e_firmwareryzen_9_5900hsryzen_9_4900hsryzen_7_4980u_firmwareryzen_threadripper_2920xryzen_9_5980hsryzen_7_3700cryzen_5_pro_3350g_firmwareryzen_7_3800xt_firmwareryzen_3_5125c_firmwareryzen_5_55003xd_firmwareryzen_9_6900hxryzen_7_5800h_firmwareryzen_9_6900hsryzen_3_3300xryzen_7_3700xryzen_5_3500uryzen_5_5500ryzen_3_5400uryzen_9_4900hs_firmwareryzen_9_4900h_firmwareryzen_5_5600_firmwareryzen_7_5800xryzen_5_3550hryzen_5_4500uryzen_9_pro_5945ryzen_threadripper_3990x_firmwareryzen_7_3780u_firmwareryzen_9_3900ryzen_3_4300uryzen_7_4800h_firmwareryzen_3_4300u_firmwareryzen_5_5600x_firmwareryzen_9_3900_firmwareryzen_7_3700x_firmwareryzen_5_pro_3350gryzen_7_4980uryzen_9_5900ryzen_9_5980hs_firmwareryzen_7_6800h_firmwareryzen_7_6800u_firmwareryzen_7_7735uryzen_threadripper_3990xryzen_5_3500c_firmwareryzen_5_5600hs_firmwareryzen_5_56003xdryzen_3_3350u_firmwareryzen_5_5600h_firmwareryzen_7_5700ryzen_5_4680uryzen_3_5400u_firmwareryzen_9_6900hs_firmwareryzen_3_3300u_firmwareryzen_7_5800ryzen_7_4700uryzen_7_6800hs_firmwareryzen_7_3800xryzen_5_7535uryzen_5_4600uryzen_9_5950xryzen_5_3600_firmwareryzen_5_5500_firmwareryzen_5_3580u_firmwareryzen_threadripper_2990wx_firmwareryzen_5_3500cryzen_5_4600hryzen_5_4600u_firmwareryzen_5_56003xd_firmwareryzen_3_3300x_firmwareryzen_5_5600hryzen_7_6800hsryzen_5_pro_3400g_firmwareryzen_9_3900xt_firmwareryzen_5_7535u_firmwareryzen_7_6800uryzen_3_3300uryzen_7_7736uryzen_5_3600xtryzen_3_5425u_firmwareryzen_7_7735hsryzen_5_3500x_firmwareryzen_9_3900xtryzen_5_3550h_firmwareryzen_7_4800hryzen_5_5600uryzen_9_4900hryzen_9_5900hx_firmwareryzen_5_3500xryzen_9_5950x_firmwareathlon_3015ce_firmwareryzen_threadripper_2970wxryzen_7_4800hsryzen_7_3700u_firmwareryzen_7_5800x_firmwareryzen_5_5625uryzen_5_6600uryzen_5_pro_3400gryzen_threadripper_2920x_firmwareryzen_7_4800hs_firmwareryzen_9_6980hs_firmwareryzen_5_3450uryzen_3_5125cryzen_7_3800x_firmwareryzen_5_pro_3350geryzen_9_6980hx_firmwareryzen_7_7735u_firmwareryzen_7_pro_5845_firmwareryzen_threadripper_pro_3945wx_firmwareryzen_9_5900hs_firmwareryzen_5_5600u_firmwareryzen_5_3600xryzen_5_6600u_firmwareryzen_3_7335uryzen_7_3800xtryzen_threadripper_2970wx_firmwareryzen_7_5700_firmwareryzen_5_7535hs_firmwareryzen_9_3950x_firmwareryzen_9_pro_5945_firmwareryzen_threadripper_pro_3995wxryzen_5_4600h_firmwareryzen_5_7535hsryzen_7_3700c_firmwareryzen_7_5700x_firmwareryzen_threadripper_pro_3955wxryzen_5_4600hsryzen_7_5800u_firmwareryzen_7_7736u_firmwareryzen_9_3900x_firmwareryzen_7_4700u_firmwareryzen_7_3700uryzen_5_6600hs_firmwareryzen_5_pro_5645_firmwareryzen_3_3350uryzen_5_3500_firmwareryzen_3_5425uryzen_threadripper_pro_3955wx_firmwareryzen_7_5800_firmwareryzen_9_5980hx_firmwareryzen_3_5100_firmwareryzen_5_5560u_firmwareryzen_threadripper_pro_3995wx_firmwareryzen_7_5800uryzen_9_5900hxryzen_5_4680u_firmwareryzen_5_4600hs_firmwareryzen_5_pro_3400geryzen_5_5500h_firmwareryzen_9_3950xryzen_threadripper_2990wxryzen_5_5600ryzen_threadripper_3970xryzen_3_5100ryzen_5_3500ryzen_7_5800hryzen_5_3450u_firmwareryzen_threadripper_pro_3945wxryzen_5_3600ryzen_5_pro_3400ge_firmwareryzen_threadripper_3970x_firmwareryzen_5_3500u_firmwareryzen_threadripper_pro_3975wx_firmwareryzen_7_5800hs_firmwareryzen_7_4800uryzen_5_5625u_firmwareryzen_3_7335u_firmwareryzen_7_5700xryzen_9_6980hsryzen_7_6800hAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics “Picasso” FP5AMD Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDTAMD Ryzen™ 5000 Series Desktop Processors “Vermeer”AMD EPYC™ Embedded 7003AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM43rd Gen AMD EPYC™ ProcessorsAMD Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WSAMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6AMD Ryzen™ Threadripper™ 2000 Series Processors “Colfax”AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”Ryzen™ 3000 series Desktop Processors “Matisse"AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”
CWE ID-CWE-20
Improper Input Validation
CVE-2022-23831
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.20% / 42.51%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 20:45
Updated-01 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service.

Action-Not Available
Vendor-FreeBSD FoundationLinux Kernel Organization, IncMicrosoft CorporationAdvanced Micro Devices, Inc.
Product-amd_uprofwindowsfreebsdlinux_kernelAMD μProf
CWE ID-CWE-20
Improper Input Validation
CVE-2021-46769
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-8.8||HIGH
EPSS-0.16% / 36.94%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 18:36
Updated-28 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to execute arbitrary DMA copies, which can lead to code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_72f3_firmwareepyc_7443pepyc_7552_firmwareepyc_7282_firmwareepyc_7742_firmwareepyc_7773xepyc_7f72_firmwareepyc_7413epyc_7532epyc_7313p_firmwareepyc_7702p_firmwareepyc_7663epyc_7h12epyc_7453epyc_73f3_firmwareepyc_7f52epyc_7543_firmwareepyc_7f32epyc_7402pepyc_7552epyc_73f3epyc_74f3_firmwareepyc_7252epyc_7402_firmwareepyc_7642_firmwareepyc_75f3_firmwareepyc_7262_firmwareepyc_7343epyc_7542epyc_7642epyc_7443_firmwareepyc_7272_firmwareepyc_7302epyc_7f32_firmwareepyc_7763_firmwareepyc_7573x_firmwareepyc_7252_firmwareepyc_7473x_firmwareepyc_7352epyc_7643_firmwareepyc_7662epyc_7473xepyc_7232pepyc_7532_firmwareepyc_7453_firmwareepyc_7713p_firmwareepyc_7302_firmwareepyc_7702_firmwareepyc_7742epyc_72f3epyc_7f52_firmwareepyc_7543pepyc_7502epyc_7452epyc_7513epyc_7302pepyc_7763epyc_7413_firmwareepyc_74f3epyc_7502_firmwareepyc_7402p_firmwareepyc_7713pepyc_7402epyc_7643epyc_7313epyc_7232p_firmwareepyc_7443epyc_7302p_firmwareepyc_7663_firmwareepyc_7352_firmwareepyc_7543epyc_7502p_firmwareepyc_7713_firmwareepyc_7713epyc_7702epyc_7702pepyc_75f3epyc_7313pepyc_7773x_firmwareepyc_7313_firmwareepyc_7573xepyc_7502pepyc_7h12_firmwareepyc_7452_firmwareepyc_7543p_firmwareepyc_7282epyc_7272epyc_7513_firmwareepyc_7373xepyc_7662_firmwareepyc_7542_firmwareepyc_7f72epyc_7343_firmwareepyc_7443p_firmwareepyc_7373x_firmwareepyc_72623rd Gen AMD EPYC™ 2nd Gen AMD EPYC™
CWE ID-CWE-20
Improper Input Validation
CVE-2021-46754
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.17% / 38.80%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 19:00
Updated-04 Aug, 2024 | 05:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit) resulting in a potential loss of confidentiality and integrity.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_3500_firmwareryzen_3800xtryzen_3900x_firmwareryzen_3900xryzen_5600x_firmwareryzen_5800x_firmwareryzen_3600ryzen_3600_firmwareryzen_2700xryzen_2600_firmwareryzen_3500ryzen_2200g_firmwareryzen_1600_\(af\)_firmwareryzen_5600gryzen_pro_2100geryzen_3950x_firmwareryzen_5600geryzen_3950xryzen_3900xt_firmwareryzen_5600ryzen_5600ge_firmwareryzen_3800x_firmwareryzen_2200geryzen_1200_\(af\)_firmwareryzen_2700e_firmwareryzen_2400gryzen_5600g_firmwareryzen_2920xryzen_5600_firmwareryzen_1200_\(af\)ryzen_5700x_firmwareryzen_5965wx_firmwareryzen_2600eryzen_3500x_firmwareryzen_2990wxryzen_5900xryzen_2920x_firmwareryzen_2600xryzen_5300ge_firmwareryzen_5900ryzen_2700_firmwareryzen_5500_firmwareryzen_5700gathlon_silver_3050geryzen_5800xryzen_3900xtryzen_5700ge_firmwareryzen_2970wx_firmwareryzen_5965wxryzen_3600xtryzen_2200ge_firmwareryzen_5300g_firmwareryzen_3900_firmwareryzen_2700eathlon_gold_3150gryzen_5800_firmwareryzen_5945wx_firmwareryzen_2600e_firmwareathlon_silver_3050ge_firmwareryzen_5800ryzen_5995wx_firmwareryzen_2950xryzen_2500xryzen_2400geryzen_3300xryzen_3500xryzen_3900ryzen_2990wx_firmwareryzen_5950x_firmwareryzen_2400ge_firmwareryzen_5955wx_firmwareryzen_2600x_firmwareryzen_3100ryzen_2400g_firmwareryzen_2500x_firmwareryzen_5600xryzen_5300geryzen_5975wx_firmwareryzen_2700x_firmwareryzen_pro_2100ge_firmwareryzen_5950xryzen_2300x_firmwareryzen_3800xt_firmwareryzen_2700athlon_gold_3150geryzen_3100_firmwareryzen_3600x_firmwareryzen_5995wxryzen_5500ryzen_5900_firmwareryzen_3300x_firmwareryzen_5700g_firmwareryzen_5800x3dryzen_5700xryzen_5900x_firmwareryzen_5300gryzen_5700geryzen_5800x3d_firmwareryzen_3600xryzen_2970wxryzen_3800xryzen_2950x_firmwareryzen_2600ryzen_2200gryzen_2300xryzen_1600_\(af\)athlon_gold_3150ge_firmwareryzen_5955wxathlon_gold_3150g_firmwareryzen_5945wxryzen_5975wxryzen_3600xt_firmwareAMD Ryzen™ Embedded V2000Ryzen™ 2000 Series Mobile Processors “Raven Ridge” FP5Ryzen™ 2000 series Desktop Processors “Raven Ridge” AM4Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics “Cezanne” AM4Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir” AMD Ryzen™ Embedded V1000Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”AMD Ryzen™ Embedded R2000Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics “Cezanne”Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso”Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULPAMD Ryzen™ Embedded R1000
CWE ID-CWE-20
Improper Input Validation
CVE-2021-46775
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.06% / 19.16%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 18:36
Updated-28 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in ABL may enable an attacker with physical access, to perform arbitrary memory overwrites, potentially leading to a loss of integrity and code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_72f3_firmwareepyc_7443pepyc_7552_firmwareepyc_7282_firmwareepyc_7742_firmwareepyc_7773xepyc_7f72_firmwareepyc_7413epyc_7532epyc_7313p_firmwareepyc_7702p_firmwareepyc_7663epyc_7h12epyc_7453epyc_73f3_firmwareepyc_7f52epyc_7543_firmwareepyc_7f32epyc_7402pepyc_7552epyc_73f3epyc_74f3_firmwareepyc_7252epyc_7402_firmwareepyc_7642_firmwareepyc_75f3_firmwareepyc_7262_firmwareepyc_7343epyc_7542epyc_7642epyc_7443_firmwareepyc_7272_firmwareepyc_7302epyc_7f32_firmwareepyc_7763_firmwareepyc_7573x_firmwareepyc_7252_firmwareepyc_7473x_firmwareepyc_7352epyc_7643_firmwareepyc_7662epyc_7473xepyc_7232pepyc_7532_firmwareepyc_7453_firmwareepyc_7713p_firmwareepyc_7302_firmwareepyc_7702_firmwareepyc_7742epyc_72f3epyc_7f52_firmwareepyc_7543pepyc_7502epyc_7452epyc_7513epyc_7302pepyc_7763epyc_7413_firmwareepyc_74f3epyc_7502_firmwareepyc_7402p_firmwareepyc_7713pepyc_7402epyc_7643epyc_7313epyc_7232p_firmwareepyc_7443epyc_7302p_firmwareepyc_7663_firmwareepyc_7352_firmwareepyc_7543epyc_7502p_firmwareepyc_7713_firmwareepyc_7713epyc_7702epyc_7702pepyc_75f3epyc_7313pepyc_7773x_firmwareepyc_7313_firmwareepyc_7573xepyc_7502pepyc_7h12_firmwareepyc_7452_firmwareepyc_7543p_firmwareepyc_7282epyc_7272epyc_7513_firmwareepyc_7373xepyc_7662_firmwareepyc_7542_firmwareepyc_7f72epyc_7343_firmwareepyc_7443p_firmwareepyc_7373x_firmwareepyc_72623rd Gen AMD EPYC™ 2nd Gen AMD EPYC™
CWE ID-CWE-20
Improper Input Validation
CVE-2021-46773
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-8.8||HIGH
EPSS-0.16% / 36.94%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 19:01
Updated-28 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_2600xryzen_3600x_firmwareryzen_3800xryzen_1200_\(af\)_firmwareryzen_3300xryzen_5300geryzen_3600ryzen_5995wxryzen_2920x_firmwareryzen_5600ryzen_5955wxryzen_5800x_firmwareryzen_2700eryzen_2600_firmwareryzen_6980hx_firmwareryzen_5500_firmwareryzen_5900ryzen_3600xryzen_2920xryzen_pro_2100ge_firmwareryzen_2970wx_firmwareryzen_3800x_firmwareryzen_3600xt_firmwareryzen_5700xryzen_5600xryzen_6800u_firmwareryzen_2300x_firmwareryzen_6900hx_firmwareryzen_5300g_firmwareryzen_5700geryzen_2600e_firmwareryzen_2950xryzen_3900xt_firmwareryzen_2600ryzen_6980hsryzen_3600_firmwareryzen_2500xryzen_5600x_firmwareryzen_3900xtryzen_5945wx_firmwareryzen_2990wx_firmwareryzen_5800_firmwareryzen_2990wxryzen_3100_firmwareryzen_3500_firmwareryzen_2500x_firmwareryzen_5300gryzen_2200geryzen_2200ge_firmwareryzen_3900ryzen_5975wxryzen_2200gryzen_6600u_firmwareryzen_6800uryzen_2950x_firmwareryzen_2600eryzen_2700_firmwareryzen_5800ryzen_3800xt_firmwareryzen_5800xryzen_5800x3d_firmwareryzen_6600hs_firmwareryzen_3300x_firmwareryzen_2970wxryzen_6600uryzen_3800xtryzen_5500ryzen_2700x_firmwareryzen_3900xryzen_2600x_firmwareryzen_5955wx_firmwareryzen_3500ryzen_5300ge_firmwareryzen_2400ge_firmwareryzen_3950xryzen_5995wx_firmwareryzen_5950x_firmwareryzen_1200_\(af\)ryzen_5700g_firmwareryzen_5900_firmwareryzen_3600xtryzen_5600ge_firmwareryzen_5600gryzen_5950xryzen_2400gryzen_6600hsryzen_pro_2100geryzen_5600_firmwareryzen_2700xryzen_5965wx_firmwareryzen_6900hsryzen_5600g_firmwareryzen_2400geryzen_5945wxryzen_5965wxryzen_5700gryzen_6800hsryzen_6800hryzen_6900hs_firmwareryzen_5600geryzen_3900_firmwareryzen_2700ryzen_2200g_firmwareryzen_5900xryzen_3950x_firmwareryzen_5700ge_firmwareryzen_3100ryzen_6980hxryzen_1600_\(af\)ryzen_2300xryzen_1600_\(af\)_firmwareryzen_6800hs_firmwareryzen_3500xryzen_6600hryzen_6800h_firmwareryzen_3500x_firmwareryzen_2400g_firmwareryzen_6600h_firmwareryzen_5900x_firmwareryzen_5700x_firmwareryzen_5975wx_firmwareryzen_5800x3dryzen_3900x_firmwareryzen_2700e_firmwareryzen_6900hxryzen_6980hs_firmwareRyzen™ 3000 Series Desktop Processors “Matisse” AM4Ryzen™ 2000 Series Desktop Processors “Pinnacle Ridge”Ryzen™ Threadripper™ PRO Processors “Castle Peak” WSRyzen™ 2000 Series Mobile Processors “Raven Ridge” FP5Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics “Cezanne” AM4Ryzen™ 2000 series Desktop Processors “Raven Ridge” AM4Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir” Ryzen™ Threadripper™ PRO Processors “Chagall” WSAMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDTRyzen™ 5000 Series Mobile processors with Radeon™ Graphics “Cezanne”
CWE ID-CWE-20
Improper Input Validation
CVE-2021-46756
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.11% / 30.84%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 19:00
Updated-28 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_72f3_firmwareepyc_7443pepyc_7301_firmwareepyc_7451_firmwareepyc_7552_firmwareepyc_7451epyc_7282_firmwareepyc_7742_firmwareepyc_7371epyc_7773xepyc_7f72_firmwareepyc_7413epyc_7532epyc_7313p_firmwareepyc_7702p_firmwareepyc_7663epyc_7551epyc_7h12epyc_7301epyc_7453epyc_73f3_firmwareepyc_7401epyc_7f52epyc_7543_firmwareepyc_7f32epyc_7402pepyc_7552epyc_7261_firmwareepyc_73f3epyc_74f3_firmwareepyc_7252epyc_7571_firmwareepyc_7402_firmwareepyc_7351_firmwareepyc_7642_firmwareepyc_75f3_firmwareepyc_7262_firmwareepyc_7343epyc_7351epyc_7542epyc_7642epyc_7443_firmwareepyc_7272_firmwareepyc_7501epyc_7302epyc_7f32_firmwareepyc_7763_firmwareepyc_7573x_firmwareepyc_7401p_firmwareepyc_7252_firmwareepyc_7473x_firmwareepyc_7352epyc_7643_firmwareepyc_7401_firmwareepyc_7662epyc_7473xepyc_7232pepyc_7532_firmwareepyc_7453_firmwareepyc_7351p_firmwareepyc_7551pepyc_7501_firmwareepyc_7713p_firmwareepyc_7302_firmwareepyc_7702_firmwareepyc_7742epyc_72f3epyc_7f52_firmwareepyc_7543pepyc_7502epyc_7452epyc_7601_firmwareepyc_7513epyc_7302pepyc_7763epyc_7413_firmwareepyc_74f3epyc_7502_firmwareepyc_7402p_firmwareepyc_7713pepyc_7251epyc_7402epyc_7643epyc_7551_firmwareepyc_7313epyc_7232p_firmwareepyc_7443epyc_7302p_firmwareepyc_7261epyc_7551p_firmwareepyc_7663_firmwareepyc_7352_firmwareepyc_7543epyc_7281epyc_7502p_firmwareepyc_7713_firmwareepyc_7371_firmwareepyc_7713epyc_7281_firmwareepyc_7571epyc_7702epyc_7702pepyc_75f3epyc_7313pepyc_7251_firmwareepyc_7351pepyc_7773x_firmwareepyc_7313_firmwareepyc_7573xepyc_7502pepyc_7h12_firmwareepyc_7452_firmwareepyc_7401pepyc_7543p_firmwareepyc_7282epyc_7272epyc_7513_firmwareepyc_7373xepyc_7662_firmwareepyc_7542_firmwareepyc_7f72epyc_7343_firmwareepyc_7443p_firmwareepyc_7373x_firmwareepyc_7601epyc_72621st Gen AMD EPYC™ Processors2nd Gen AMD EPYC™ ProcessorsAthlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULP3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDTRyzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso”Ryzen™ 3000 Series Desktop Processors “Matisse” AM4Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”Ryzen™ 2000 Series Desktop Processors “Pinnacle Ridge”Ryzen™ Threadripper™ PRO Processors “Castle Peak” WSRyzen™ 2000 Series Mobile Processors “Raven Ridge” FP5Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics “Cezanne” AM42nd Gen AMD Ryzen™ Threadripper™ Processors “Colfax”3rd Gen AMD EPYC™ ProcessorsRyzen™ 2000 series Desktop Processors “Raven Ridge” AM4Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir” AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics “Cezanne”
CWE ID-CWE-20
Improper Input Validation
CVE-2021-46767
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.06% / 19.01%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 20:56
Updated-09 Apr, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input validation in the ASP may allow an attacker with physical access, unauthorized write access to memory potentially leading to a loss of integrity or denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-milanpi_firmwaremilanpiromepiromepi_firmware3rd Gen EPYC2nd Gen EPYC
CWE ID-CWE-20
Improper Input Validation
CVE-2020-12929
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.54%
||
7 Day CHG~0.00%
Published-15 Nov, 2021 | 15:52
Updated-17 Sep, 2024 | 02:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper parameters validation in some trusted applications of the PSP contained in the AMD Graphics Driver may allow a local attacker to bypass security restrictions and achieve arbitrary code execution .

Action-Not Available
Vendor-Advanced Micro Devices, Inc.Microsoft Corporation
Product-radeon_softwarewindows_10AMD Radeon Software
CWE ID-CWE-20
Improper Input Validation
CVE-2025-0037
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.03% / 5.79%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 23:52
Updated-12 Jun, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In AMD Versal Adaptive SoC devices, the lack of address validation when executing PLM runtime services through the PLM firmware can allow access to isolated or protected memory spaces, resulting in the loss of integrity and confidentiality.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-Platform Loader and Manager (PLM)
CWE ID-CWE-20
Improper Input Validation
CVE-2020-12961
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.84%
||
7 Day CHG~0.00%
Published-16 Nov, 2021 | 18:13
Updated-17 Sep, 2024 | 04:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability exists in AMD Platform Security Processor (PSP) that may allow an attacker to zero any privileged register on the System Management Network which may lead to bypassing SPI ROM protections.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7502_firmwareepyc_7402epyc_7262_firmwareepyc_7443_firmwareepyc_7402pepyc_7343epyc_7252_firmwareepyc_7543_firmwareepyc_7282_firmwareepyc_7542_firmwareepyc_7f32epyc_7763_firmwareepyc_7272_firmwareepyc_7713pepyc_7443epyc_7513epyc_7313p_firmwareepyc_7252epyc_7502pepyc_7232p_firmwareepyc_7702epyc_7302p_firmwareepyc_7453epyc_7642_firmwareepyc_7452epyc_7513_firmwareepyc_7543p_firmwareepyc_7542epyc_7302epyc_7413_firmwareepyc_7232pepyc_7002epyc_7643_firmwareepyc_7f52epyc_7663epyc_7552_firmwareepyc_75f3epyc_72f3_firmwareepyc_7f72epyc_7f32_firmwareepyc_7662epyc_7502epyc_75f3_firmwareepyc_7662_firmwareepyc_7f72_firmwareepyc_7642epyc_7343_firmwareepyc_7532_firmwareepyc_7502p_firmwareepyc_7413epyc_7313pepyc_7002_firmwareepyc_7313epyc_7663_firmwareepyc_7552epyc_7302pepyc_7702p_firmwareepyc_74f3_firmwareepyc_7352epyc_7763epyc_7302_firmwareepyc_7713_firmwareepyc_7402_firmwareepyc_7742epyc_7713p_firmwareepyc_7272epyc_73f3_firmwareepyc_7702pepyc_7f52_firmwareepyc_7262epyc_7713epyc_7003_firmwareepyc_7443p_firmwareepyc_7003epyc_72f3epyc_7643epyc_7402p_firmwareepyc_7452_firmwareepyc_7313_firmwareepyc_7543pepyc_7443pepyc_7742_firmwareepyc_7453_firmwareepyc_7282epyc_7702_firmwareepyc_74f3epyc_7352_firmwareepyc_7532epyc_73f32nd Gen AMD EPYC™3rd Gen AMD EPYC™
CWE ID-CWE-20
Improper Input Validation
CVE-2020-12944
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.53%
||
7 Day CHG-0.01%
Published-16 Nov, 2021 | 18:17
Updated-16 Sep, 2024 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of BIOS image length by ASP Firmware could lead to arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7502_firmwareepyc_7402epyc_7262_firmwareepyc_7371_firmwareepyc_7443_firmwareepyc_7402pepyc_7451epyc_7261epyc_7282_firmwareepyc_7343epyc_7252_firmwareepyc_7543_firmwareepyc_7f32epyc_7542_firmwareepyc_7551_firmwareepyc_7763_firmwareepyc_7272_firmwareepyc_7713pepyc_7443epyc_7513epyc_7313p_firmwareepyc_7252epyc_7502pepyc_7232p_firmwareepyc_7702epyc_7351p_firmwareepyc_7302p_firmwareepyc_7453epyc_7642_firmwareepyc_7h12epyc_7452epyc_7513_firmwareepyc_7543p_firmwareepyc_7542epyc_7281_firmwareepyc_7413_firmwareepyc_7h12_firmwareepyc_7601epyc_7302epyc_7232pepyc_7643_firmwareepyc_7f52epyc_7663epyc_7552_firmwareepyc_75f3epyc_7371epyc_72f3_firmwareepyc_7f72epyc_7f32_firmwareepyc_7662epyc_7f72_firmwareepyc_7662_firmwareepyc_7502epyc_75f3_firmwareepyc_7642epyc_7451_firmwareepyc_7343_firmwareepyc_7532_firmwareepyc_7551epyc_7281epyc_7502p_firmwareepyc_7413epyc_7301epyc_7551pepyc_7313pepyc_7313epyc_7351pepyc_7551p_firmwareepyc_7663_firmwareepyc_7601_firmwareepyc_7351_firmwareepyc_7251epyc_7532epyc_7552epyc_7302pepyc_7702p_firmwareepyc_74f3_firmwareepyc_7352epyc_7302_firmwareepyc_7763epyc_7401epyc_7713_firmwareepyc_7402_firmwareepyc_7742epyc_7713p_firmwareepyc_7272epyc_73f3_firmwareepyc_7702pepyc_7f52_firmwareepyc_7262epyc_7713epyc_7443p_firmwareepyc_7251_firmwareepyc_7401_firmwareepyc_72f3epyc_7643epyc_7452_firmwareepyc_7402p_firmwareepyc_7351epyc_7261_firmwareepyc_7543pepyc_7313_firmwareepyc_7443pepyc_7742_firmwareepyc_7453_firmwareepyc_7282epyc_7501epyc_7501_firmwareepyc_7702_firmwareepyc_7352_firmwareepyc_74f3epyc_7301_firmwareepyc_73f3Athlon™ SeriesRyzen™ Series
CWE ID-CWE-20
Improper Input Validation
CVE-2020-12946
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.1||HIGH
EPSS-0.13% / 32.62%
||
7 Day CHG-0.01%
Published-16 Nov, 2021 | 18:01
Updated-17 Sep, 2024 | 00:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input validation in ASP firmware for discrete TPM commands could allow a potential loss of integrity and denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7502_firmwareepyc_7402epyc_7262_firmwareepyc_7443_firmwareepyc_7402pepyc_7343epyc_7252_firmwareepyc_7543_firmwareepyc_7282_firmwareepyc_7542_firmwareepyc_7f32epyc_7763_firmwareepyc_7272_firmwareepyc_7713pepyc_7443epyc_7513epyc_7313p_firmwareepyc_7252epyc_7502pepyc_7232p_firmwareepyc_7702epyc_7302p_firmwareepyc_7453epyc_7642_firmwareepyc_7h12epyc_7452epyc_7513_firmwareepyc_7543p_firmwareepyc_7542epyc_7302epyc_7413_firmwareepyc_7h12_firmwareepyc_7232pepyc_7643_firmwareepyc_7f52epyc_7663epyc_7552_firmwareepyc_75f3epyc_72f3_firmwareepyc_7f72epyc_7f32_firmwareepyc_7662epyc_7f72_firmwareepyc_7662_firmwareepyc_7502epyc_75f3_firmwareepyc_7642epyc_7343_firmwareepyc_7532_firmwareepyc_7502p_firmwareepyc_7413epyc_7313pepyc_7313epyc_7663_firmwareepyc_7552epyc_7302pepyc_7702p_firmwareepyc_74f3_firmwareepyc_7352epyc_7302_firmwareepyc_7763epyc_7713_firmwareepyc_7402_firmwareepyc_7742epyc_7713p_firmwareepyc_7272epyc_73f3_firmwareepyc_7702pepyc_7f52_firmwareepyc_7262epyc_7713epyc_7443p_firmwareepyc_72f3epyc_7643epyc_7452_firmwareepyc_7402p_firmwareepyc_7543pepyc_7313_firmwareepyc_7443pepyc_7742_firmwareepyc_7453_firmwareepyc_7282epyc_7702_firmwareepyc_7352_firmwareepyc_74f3epyc_7532epyc_73f3Athlon™ SeriesRyzen™ Series
CWE ID-CWE-20
Improper Input Validation
CVE-2020-12986
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.84%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 21:50
Updated-16 Sep, 2024 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows 10 may cause arbitrary code execution in the kernel, leading to escalation of privilege or denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.Microsoft Corporation
Product-radeon_softwareradeon_pro_softwarewindows_10AMD Radeon Software
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20530
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.27%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 20:57
Updated-07 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7343_firmwareepyc_7543_firmwareepyc_7373xepyc_7453epyc_7743epyc_7413_firmwareepyc_73f3_firmwareepyc_7443epyc_7513epyc_7763_firmwareepyc_7373x_firmwareepyc_7573x_firmwareepyc_7543p_firmwareepyc_7663epyc_7773xepyc_72f3_firmwareepyc_7443p_firmwareepyc_7543epyc_7773x_firmwareepyc_7443pepyc_75f3epyc_7443_firmwareepyc_7313p_firmwareepyc_7313pepyc_7543pepyc_7003epyc_7313epyc_7003_firmwareepyc_7313_firmwareepyc_74f3epyc_7573xepyc_75f3_firmwareepyc_7663_firmwareepyc_7763epyc_7343epyc_7413epyc_7643epyc_7713p_firmwareepyc_7713pepyc_73f3epyc_7713_firmwareepyc_7453_firmwareepyc_7743_firmwareepyc_7643_firmwareepyc_7713epyc_72f3epyc_74f3_firmwareepyc_7513_firmware3rd Gen EPYC
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20527
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 30.01%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 20:57
Updated-07 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7702_firmwareepyc_7453epyc_7601_firmwareepyc_7702p_firmwareepyc_7413_firmwareepyc_7f52epyc_7251_firmwareepyc_7763_firmwareepyc_7551p_firmwareepyc_7f32epyc_7773x_firmwareepyc_7h12_firmwareepyc_75f3epyc_7443_firmwareepyc_7642_firmwareepyc_7551_firmwareepyc_7313pepyc_7f72_firmwareepyc_7401p_firmwareepyc_7573xepyc_7413epyc_7371_firmwareepyc_7h12epyc_7f72epyc_7743_firmwareepyc_7451epyc_72f3epyc_7371epyc_74f3_firmwareepyc_7502_firmwareepyc_7543_firmwareepyc_7402p_firmwareepyc_7373xepyc_7232pepyc_7452epyc_7261_firmwareepyc_7302pepyc_73f3_firmwareepyc_7702epyc_7551pepyc_7401pepyc_7663epyc_7543epyc_7662_firmwareepyc_7252_firmwareepyc_7301_firmwareepyc_7313epyc_7002epyc_74f3epyc_7272epyc_7713pepyc_7453_firmwareepyc_7552epyc_7502pepyc_7713epyc_7343_firmwareepyc_7302epyc_7232p_firmwareepyc_7302_firmwareepyc_7551epyc_7443epyc_7542epyc_7513epyc_7373x_firmwareepyc_7352epyc_7573x_firmwareepyc_7302p_firmwareepyc_7742epyc_7252epyc_7542_firmwareepyc_7262epyc_72f3_firmwareepyc_7443p_firmwareepyc_7001_firmwareepyc_7402epyc_7702pepyc_7443pepyc_7f32_firmwareepyc_7552_firmwareepyc_7251epyc_7402pepyc_7543pepyc_7601epyc_7642epyc_7532epyc_7502p_firmwareepyc_7272_firmwareepyc_7663_firmwareepyc_7501epyc_7763epyc_7643epyc_7502epyc_7501_firmwareepyc_7301epyc_7643_firmwareepyc_7262_firmwareepyc_7352_firmwareepyc_7532_firmwareepyc_7351epyc_7282_firmwareepyc_7401_firmwareepyc_7743epyc_7351_firmwareepyc_7452_firmwareepyc_7281_firmwareepyc_7401epyc_7543p_firmwareepyc_7773xepyc_7001epyc_7451_firmwareepyc_7f52_firmwareepyc_7261epyc_7313p_firmwareepyc_7002_firmwareepyc_7003epyc_7003_firmwareepyc_7313_firmwareepyc_7281epyc_7402_firmwareepyc_75f3_firmwareepyc_7343epyc_7662epyc_7713p_firmwareepyc_73f3epyc_7713_firmwareepyc_7742_firmwareepyc_7282epyc_7513_firmware1st Gen EPYC3rd Gen EPYC2nd Gen EPYC
CWE ID-CWE-20
Improper Input Validation
CVE-2023-31343
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.03% / 6.31%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 22:35
Updated-12 Feb, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-AMD Ryzen™ Embedded R2000AMD EPYC™ 7003 ProcessorsAMD Ryzen™ 7035 Series Processor with Radeon™ GraphicsAMD Ryzen™ 5000 Series Desktop Processor with Radeon™ GraphicsAMD Athlon™ 3000 Series Mobile Processors with Radeon™ GraphicsAMD Ryzen™ 7000 Series Mobile ProcessorsAMD Ryzen™ Embedded V3000AMD EPYC™ Embedded 9004AMD Ryzen™ 7020 Series Processors with Radeon™ GraphicsAMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop ProcessorsAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ GraphicsAMD Ryzen™ 7040 Series Processors with Radeon™ GraphicsAMD EPYC™ 9004 ProcessorsAMD Ryzen™ Embedded 7000AMD Ryzen™ 6000 Series Processor with Radeon™ GraphicsAMD Ryzen™ Embedded V2000AMD Ryzen™ 3000 Series Desktop ProcessorsAMD Ryzen™ Embedded R1000AMD Ryzen™ 8000 Series Processor with Radeon™ GraphicsAMD Ryzen™ 5000 Series Desktop ProcessorsAMD EPYC™ Embedded 7003AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ GraphicsAMD Instinct™ MI300AAMD Ryzen™ Embedded 5000AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ GraphicsAMD Athlon™ 3000 Series Desktop Processors with Radeon™ GraphicsAMD Ryzen™ 7000 Series Desktop ProcessorsAMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
CWE ID-CWE-20
Improper Input Validation
CVE-2023-31339
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.03% / 5.38%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 16:56
Updated-15 Aug, 2024 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-Zynq™ UltraScale+™ MPSoC/RFSoC
CWE ID-CWE-20
Improper Input Validation
CVE-2023-31342
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.03% / 6.31%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 22:24
Updated-24 Apr, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-AMD Ryzen™ 5000 Series Processors with Radeon™ GraphicsAMD Ryzen™ Embedded V2000AMD Ryzen™ 7000 Series Mobile ProcessorsAMD Ryzen™ 7040 Series Processors with Radeon™ GraphicsAMD Ryzen™ 8000 Series Processor with Radeon™ GraphicsAMD EPYC™ Embedded 9004AMD Ryzen™ Embedded R2000AMD Athlon™ 3000 Series Desktop Processors with Radeon™ GraphicsAMD Athlon™ 3000 Series Mobile Processors with Radeon™ GraphicsAMD Ryzen™ Embedded 7000AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ GraphicsAMD Instinct™ MI300AAMD Ryzen™ 3000 Series Desktop ProcessorsAMD Ryzen™ 7035 Series Processor with Radeon™ GraphicsAMD EPYC™ 9004 ProcessorsAMD Ryzen™ Embedded V3000AMD Ryzen™ Embedded R1000AMD EPYC™ Embedded 7003AMD Ryzen™ 6000 Series Processor with Radeon™ GraphicsAMD Ryzen™ 5000 Series Desktop Processor with Radeon™ GraphicsAMD EPYC™ 7003 ProcessorsAMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop ProcessorsAMD Ryzen™ 3000 Series Mobile Processor with Radeon™ GraphicsAMD Ryzen™ 5000 Series Desktop ProcessorsAMD Ryzen™ Embedded 5000AMD Ryzen™ 7000 Series Desktop ProcessorsAMD Ryzen™ 7020 Series Processors with Radeon™ GraphicsAMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics
CWE ID-CWE-20
Improper Input Validation
CVE-2021-26323
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.84%
||
7 Day CHG~0.00%
Published-16 Nov, 2021 | 18:14
Updated-16 Sep, 2024 | 23:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Failure to validate SEV Commands while SNP is active may result in a potential impact to memory integrity.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7443_firmwareepyc_7313epyc_7343epyc_7663_firmwareepyc_7543_firmwareepyc_7763_firmwareepyc_7713pepyc_74f3_firmwareepyc_7513epyc_7443epyc_7313p_firmwareepyc_7763epyc_7232p_firmwareepyc_7713_firmwareepyc_7713p_firmwareepyc_73f3_firmwareepyc_7453epyc_7713epyc_7513_firmwareepyc_7543p_firmwareepyc_7443p_firmwareepyc_7413_firmwareepyc_7232pepyc_7643epyc_72f3epyc_7643_firmwareepyc_7663epyc_75f3epyc_72f3_firmwareepyc_7543pepyc_7313_firmwareepyc_7443pepyc_75f3_firmwareepyc_7453_firmwareepyc_7343_firmwareepyc_74f3epyc_7413epyc_7313pepyc_73f33rd Gen AMD EPYC™
CWE ID-CWE-20
Improper Input Validation
CVE-2021-26373
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 21.53%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 16:27
Updated-16 Sep, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_9_5900xepyc_7502_firmwareepyc_7402epyc_7262_firmwareepyc_7282_firmwareepyc_7f32epyc_7272_firmwareepyc_7713pepyc_7573xryzen_3_3100_firmwareepyc_7513ryzen_threadripper_2950x_firmwareryzen_9_5900x_firmwareryzen_5_2500uepyc_7232p_firmwareepyc_7702ryzen_threadripper_pro_5955wx_firmwareryzen_5_5600xryzen_threadripper_pro_5995wxepyc_7453ryzen_3_2300uepyc_7373xepyc_7513_firmwareepyc_7542epyc_7413_firmwareryzen_threadripper_3960x_firmwareryzen_7_5800x3d_firmwareryzen_threadripper_3960xryzen_threadripper_2950xryzen_5_2700_firmwareryzen_threadripper_pro_3975wxepyc_7643_firmwareryzen_threadripper_1950x_firmwareepyc_7f52epyc_75f3ryzen_threadripper_pro_5945wxepyc_7373x_firmwareryzen_5_2500u_firmwareepyc_7f32_firmwareryzen_3_3100epyc_7502epyc_7662_firmwareepyc_7f72_firmwareepyc_75f3_firmwareepyc_7473x_firmwareepyc_7343_firmwareryzen_3_2200u_firmwareryzen_threadripper_1900x_firmwareryzen_3_2200uepyc_7313pryzen_7_5700gryzen_threadripper_2920xepyc_7573x_firmwareryzen_7_2700x_firmwareryzen_7_2700ryzen_threadripper_pro_5965wx_firmwareryzen_3_3300xepyc_7352ryzen_5_2600hepyc_7713_firmwareepyc_7742ryzen_5_5500epyc_7272ryzen_7_2700uepyc_7713epyc_7443p_firmwareryzen_5_5600_firmwareryzen_7_5800xryzen_7_2800hepyc_7773xryzen_threadripper_3990x_firmwareryzen_5_2600x_firmwareryzen_5_5600x_firmwareryzen_7_5800x3dryzen_threadripper_3990xryzen_7_2700_firmwareryzen_threadripper_pro_5955wxepyc_7742_firmwareryzen_9_5950xryzen_5_5500_firmwareryzen_threadripper_2990wx_firmwareryzen_3_3200u_firmwareryzen_3_3300x_firmwareepyc_7402pepyc_7343epyc_7252_firmwareryzen_threadripper_1920x_firmwareepyc_7542_firmwareepyc_7763_firmwareryzen_threadripper_pro_5945wx_firmwareryzen_5_5600gepyc_7313p_firmwareepyc_7252epyc_7502pryzen_threadripper_1900xryzen_threadripper_pro_5975wxepyc_7302p_firmwareryzen_3_2300u_firmwareryzen_9_5950x_firmwareepyc_7642_firmwareryzen_threadripper_2970wxepyc_7452ryzen_7_5800x_firmwareepyc_7543p_firmwareryzen_5_2600xryzen_7_2700u_firmwareryzen_threadripper_2920x_firmwareepyc_7302ryzen_5_2700ryzen_7_2800h_firmwareepyc_7232pryzen_threadripper_1950xryzen_threadripper_pro_3945wx_firmwareepyc_7663epyc_7552_firmwareepyc_7773x_firmwareepyc_72f3_firmwareepyc_7f72epyc_7662ryzen_7_5700g_firmwareepyc_7642epyc_7473xryzen_threadripper_2970wx_firmwareryzen_threadripper_pro_5975wx_firmwareepyc_7532_firmwareryzen_threadripper_pro_3995wxepyc_7502p_firmwareepyc_7413ryzen_7_2700xryzen_7_5700x_firmwareepyc_7663_firmwareryzen_threadripper_pro_3955wxryzen_3_3200uepyc_7552epyc_7302pepyc_7702p_firmwareryzen_3_3300epyc_74f3_firmwareepyc_7302_firmwareepyc_7763ryzen_threadripper_pro_3955wx_firmwareepyc_7402_firmwareepyc_7713p_firmwareryzen_threadripper_1920xepyc_73f3_firmwareepyc_7702pryzen_threadripper_pro_3995wx_firmwareepyc_7f52_firmwareepyc_7262ryzen_5_2600h_firmwareryzen_threadripper_pro_5965wxryzen_3_3250uryzen_5_5600g_firmwareepyc_72f3epyc_7643epyc_7402p_firmwareepyc_7452_firmwareryzen_threadripper_2990wxryzen_5_5600ryzen_threadripper_3970xepyc_7543pepyc_7443pryzen_threadripper_3970x_firmwareryzen_threadripper_pro_3945wxryzen_3_3250u_firmwareepyc_7453_firmwareryzen_threadripper_pro_3975wx_firmwareepyc_7282ryzen_threadripper_pro_5995wx_firmwareepyc_7702_firmwareepyc_7352_firmwareepyc_74f3epyc_7532ryzen_7_5700xepyc_73f3Athlon™ SeriesRyzen™ SeriesEPYC™ Processors
CWE ID-CWE-20
Improper Input Validation
CVE-2021-26351
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 32.62%
||
7 Day CHG-0.01%
Published-12 May, 2022 | 17:18
Updated-16 Sep, 2024 | 22:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_3_3300x_firmwareryzen_5_5600hryzen_threadripper_pro_5945wx_firmwareryzen_3_3100_firmwareryzen_threadripper_2950x_firmwareryzen_3_5425cryzen_9_3900xryzen_3_3300g_firmwareryzen_3_5425u_firmwareryzen_5_3450gryzen_5_5600uryzen_9_5980hxryzen_threadripper_pro_5975wxryzen_7_5800hsryzen_threadripper_pro_5955wx_firmwareryzen_5_5600xryzen_9_5900hx_firmwareryzen_threadripper_pro_5995wxryzen_5_5600hsryzen_threadripper_2970wxryzen_7_5825uryzen_7_5825u_firmwareryzen_5_5625uryzen_5_5700geryzen_5_3600x_firmwareryzen_threadripper_2920x_firmwareryzen_5_3400gryzen_3_5125cryzen_threadripper_3960x_firmwareryzen_7_3800x_firmwareryzen_threadripper_3960xryzen_threadripper_2950xryzen_5_5700gryzen_threadripper_pro_3975wxryzen_9_5900hs_firmwareryzen_5_5560uryzen_threadripper_pro_3945wx_firmwareryzen_5_5600u_firmwareryzen_threadripper_pro_5945wxryzen_5_3600xryzen_3_3100ryzen_threadripper_pro_5975wx_firmwareryzen_threadripper_2970wx_firmwareryzen_9_3950x_firmwareryzen_threadripper_pro_3995wxryzen_9_5900hsryzen_5_5700g_firmwareryzen_9_5980hsryzen_threadripper_2920xryzen_threadripper_pro_3955wxryzen_3_5125c_firmwareryzen_7_5800u_firmwareryzen_9_3900x_firmwareryzen_7_5825c_firmwareryzen_7_5800h_firmwareryzen_threadripper_pro_5965wx_firmwareryzen_3_3300xryzen_7_3700xryzen_5_5625c_firmwareryzen_3_5425uryzen_5_5700ge_firmwareryzen_5_5625cryzen_threadripper_pro_3955wx_firmwareryzen_5_5560u_firmwareryzen_9_5980hx_firmwareryzen_threadripper_pro_3995wx_firmwareryzen_3_5400uryzen_5_3450g_firmwareryzen_7_5825cryzen_7_5800uryzen_threadripper_pro_5965wxryzen_9_5900hxryzen_threadripper_3990x_firmwareryzen_5_5600x_firmwareryzen_9_5980hs_firmwareryzen_7_3700x_firmwareryzen_threadripper_3990xryzen_9_3950xryzen_5_5600hs_firmwareryzen_5_3400g_firmwareryzen_threadripper_2990wxryzen_threadripper_3970xryzen_3_5425c_firmwareryzen_5_5600h_firmwareryzen_threadripper_pro_5955wxryzen_3_3300gryzen_7_5800hryzen_3_5400u_firmwareryzen_threadripper_3970x_firmwareryzen_5_3600ryzen_threadripper_pro_3945wxryzen_7_5800hs_firmwareryzen_threadripper_pro_3975wx_firmwareryzen_7_3800xryzen_threadripper_pro_5995wx_firmwareryzen_5_5625u_firmwareryzen_5_3600_firmwareryzen_threadripper_2990wx_firmwareAthlon™ SeriesRyzen™ Series
CWE ID-CWE-20
Improper Input Validation
CVE-2021-26370
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.1||HIGH
EPSS-0.13% / 32.62%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 18:25
Updated-16 Sep, 2024 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation of destination address in SVC_LOAD_FW_IMAGE_BY_INSTANCE and SVC_LOAD_BINARY_BY_ATTRIB in a malicious UApp or ABL may allow an attacker to overwrite arbitrary bootloader memory with SPI ROM contents resulting in a loss of integrity and availability.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7502_firmwareepyc_7402epyc_7262_firmwareepyc_7443_firmwareepyc_7402pepyc_7343epyc_7252_firmwareepyc_7543_firmwareepyc_7282_firmwareepyc_7542_firmwareepyc_7f32epyc_7763_firmwareepyc_7272_firmwareepyc_7713pepyc_7573xepyc_7443epyc_7513epyc_7313p_firmwareepyc_7252epyc_7502pepyc_7232p_firmwareepyc_7702epyc_7302p_firmwareepyc_7453epyc_7642_firmwareepyc_7452epyc_7373xepyc_7h12epyc_7513_firmwareepyc_7543p_firmwareepyc_7542epyc_7302epyc_7413_firmwareepyc_7h12_firmwareepyc_7232pepyc_7002epyc_7643_firmwareepyc_7f52epyc_7663epyc_7773x_firmwareepyc_75f3epyc_7552_firmwareepyc_7373x_firmwareepyc_72f3_firmwareepyc_7f72epyc_7f32_firmwareepyc_7662epyc_7502epyc_75f3_firmwareepyc_7662_firmwareepyc_7f72_firmwareepyc_7642epyc_7473xepyc_7473x_firmwareepyc_7343_firmwareepyc_7532_firmwareepyc_7502p_firmwareepyc_7413epyc_7313pepyc_7002_firmwareepyc_7313epyc_7663_firmwareepyc_7573x_firmwareepyc_7552epyc_7302pepyc_7702p_firmwareepyc_74f3_firmwareepyc_7352epyc_7763epyc_7302_firmwareepyc_7713_firmwareepyc_7402_firmwareepyc_7742epyc_7713p_firmwareepyc_7272epyc_73f3_firmwareepyc_7702pepyc_7f52_firmwareepyc_7262epyc_7713epyc_7443p_firmwareepyc_7773xepyc_72f3epyc_7643epyc_7402p_firmwareepyc_7452_firmwareepyc_7543pepyc_7313_firmwareepyc_7443pepyc_7742_firmwareepyc_7453_firmwareepyc_7282epyc_7702_firmwareepyc_74f3epyc_7352_firmwareepyc_7532epyc_73f32nd Gen AMD EPYC™3rd Gen AMD EPYC™
CWE ID-CWE-20
Improper Input Validation
CVE-2021-26325
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.16%
||
7 Day CHG~0.00%
Published-16 Nov, 2021 | 18:23
Updated-16 Sep, 2024 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input validation in the SNP_GUEST_REQUEST command may lead to a potential data abort error and a denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7443_firmwareepyc_7313epyc_7343epyc_7663_firmwareepyc_7543_firmwareepyc_7763_firmwareepyc_7713pepyc_74f3_firmwareepyc_7513epyc_7443epyc_7313p_firmwareepyc_7763epyc_7232p_firmwareepyc_7713_firmwareepyc_7713p_firmwareepyc_73f3_firmwareepyc_7453epyc_7713epyc_7513_firmwareepyc_7543p_firmwareepyc_7443p_firmwareepyc_7413_firmwareepyc_7232pepyc_7643epyc_72f3epyc_7643_firmwareepyc_7663epyc_75f3epyc_72f3_firmwareepyc_7543pepyc_7313_firmwareepyc_7443pepyc_75f3_firmwareepyc_7453_firmwareepyc_7343_firmwareepyc_74f3epyc_7413epyc_7313pepyc_73f33rd Gen AMD EPYC™
CWE ID-CWE-20
Improper Input Validation
CVE-2021-26316
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.07% / 23.13%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 19:46
Updated-09 Apr, 2025 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_9_5900xepyc_7543epyc_7402athlon_silver_3050u_firmwareathlon_silver_3050e_firmwareathlon_3150g_firmwareepyc_7f32epyc_7713pepyc_7443epyc_7513ryzen_9_5900x_firmwareathlon_silver_pro_3125ge_firmwareryzen_5_2500uathlon_gold_3150c_firmwareryzen_9_5980hxepyc_7453ryzen_3_5300geryzen_3_2300uryzen_5_5600hsathlon_gold_pro_3150gryzen_7_5825uryzen_7_5825u_firmwareepyc_7542athlon_silver_pro_3125geepyc_7413_firmwareryzen_7_5800x3d_firmwareryzen_threadripper_2950xryzen_threadripper_pro_3975wxathlon_pro_3145bepyc_7002epyc_7643_firmwareryzen_3_2200g_firmwareepyc_7f52ryzen_threadripper_pro_5945wxepyc_7373x_firmwareryzen_5_2500u_firmwareepyc_7f32_firmwareathlon_silver_3050geepyc_75f3_firmwareryzen_3_2200u_firmwareathlon_silver_3050eryzen_3_2200uryzen_7_5700gryzen_threadripper_2920xryzen_5_2400geryzen_7_5825c_firmwareepyc_7573x_firmwareryzen_5_2600ryzen_7_2700x_firmwareryzen_5_2600hryzen_5_pro_2500uryzen_5_5500ryzen_3_5400uathlon_gold_pro_3150geepyc_7713ryzen_5_5600_firmwareepyc_7003athlon_gold_3150geryzen_5_5600x_firmwareryzen_9_5980hs_firmwareryzen_7_5800x3dryzen_5_5600ge_firmwareryzen_7_2700_firmwareathlon_3150ge_firmwareryzen_5_2700xryzen_5_5600h_firmwareryzen_5_2600_firmwareryzen_7_5800ryzen_5_2400ge_firmwareryzen_5_2400gryzen_3_pro_2300u_firmwareryzen_9_5950xryzen_pro_5650ge_firmwareryzen_5_5500_firmwareepyc_7743ryzen_3_2200geepyc_7443_firmwareepyc_7402pepyc_7343epyc_7252_firmwareepyc_7543_firmwareepyc_7542_firmwareryzen_5_pro_2500u_firmwareryzen_threadripper_pro_5945wx_firmwareepyc_7313p_firmwareepyc_7252epyc_7502pryzen_5_5600uathlon_pro_3045b_firmwareryzen_5_5600geryzen_7_2700u_firmwareryzen_pro_2400geryzen_7_2800h_firmwareryzen_9_5900hs_firmwareryzen_threadripper_pro_3945wx_firmwareepyc_72f3_firmwareepyc_7662epyc_7642ryzen_threadripper_pro_5975wx_firmwareryzen_pro_5350ge_firmwareepyc_7502p_firmwareepyc_7413ryzen_7_2700xryzen_pro_2400g_firmwareepyc_7313ryzen_7_5700x_firmwareepyc_7663_firmwareryzen_threadripper_pro_3955wxepyc_7302pryzen_pro_2400gepyc_74f3_firmwareathlon_silver_3050uryzen_3_5425uepyc_7763ryzen_3_2200gryzen_threadripper_pro_3955wx_firmwareryzen_7_5800_firmwareryzen_9_5980hx_firmwareepyc_7402_firmwareepyc_7713p_firmwareryzen_threadripper_pro_3995wx_firmwareryzen_threadripper_pro_3795wx_firmwareepyc_7f52_firmwareryzen_7_5825cryzen_7_5800uryzen_pro_5650gryzen_5_5600g_firmwareryzen_5_2400g_firmwareryzen_7_pro_2700u_firmwareepyc_7402p_firmwareryzen_threadripper_2990wxryzen_5_5600ryzen_3_5425c_firmwareryzen_7_5800hepyc_7543pepyc_7453_firmwareryzen_threadripper_pro_3975wx_firmwareathlon_gold_3150ge_firmwareryzen_pro_5750gryzen_7_5700uryzen_7_5700ge_firmwareathlon_3150geathlon_gold_pro_3150ge_firmwareepyc_7502_firmwareryzen_5_2700x_firmwareepyc_7262_firmwareepyc_7282_firmwareepyc_7272_firmwareepyc_7573xryzen_threadripper_2950x_firmwareepyc_7232p_firmwareepyc_7702ryzen_7_5800hsryzen_threadripper_pro_5955wx_firmwareryzen_5_5600xryzen_9_5900_firmwareryzen_threadripper_pro_5995wxryzen_pro_5750geepyc_7373xepyc_7513_firmwareryzen_pro_5650geryzen_5_5700geepyc_7h12_firmwareryzen_5_5560uepyc_75f3ryzen_pro_5650g_firmwareepyc_7743_firmwareepyc_7f72_firmwareepyc_7662_firmwareepyc_7502ryzen_7_5700u_firmwareepyc_7343_firmwareryzen_9_5900hsepyc_7313pepyc_7002_firmwareathlon_silver_3050ge_firmwareryzen_9_5980hsryzen_3_5125c_firmwareryzen_5_5500u_firmwareryzen_7_2700ryzen_7_5800h_firmwareryzen_pro_5750g_firmwareryzen_threadripper_pro_5965wx_firmwareryzen_5_5625c_firmwareepyc_7352ryzen_5_5625cryzen_pro_5350gepyc_7713_firmwareepyc_7742epyc_7272ryzen_7_2700uathlon_pro_3045bepyc_7003_firmwareepyc_7443p_firmwareryzen_7_2800hryzen_7_5800xathlon_3150gepyc_7773xathlon_silver_3050c_firmwareryzen_5_2600x_firmwareryzen_3_5300gryzen_9_5900ryzen_pro_2200ge_firmwareryzen_5_5600hs_firmwareathlon_gold_3150uryzen_threadripper_pro_5955wxryzen_pro_2200gryzen_5_5500uryzen_3_5400u_firmwareryzen_pro_2400ge_firmwareepyc_7742_firmwareathlon_silver_3050cryzen_threadripper_pro_3795wxathlon_3050ge_firmwareryzen_pro_5350g_firmwareryzen_threadripper_2990wx_firmwareryzen_7_pro_2700uryzen_5_5600hryzen_3_5300u_firmwareepyc_7763_firmwareryzen_3_5300uryzen_3_5425cryzen_5_5600gryzen_3_5425u_firmwareathlon_3050geryzen_threadripper_pro_5975wxepyc_7302p_firmwareryzen_3_2300u_firmwareryzen_9_5900hx_firmwareryzen_9_5950x_firmwareepyc_7642_firmwareryzen_threadripper_2970wxepyc_7h12epyc_7452ryzen_7_5800x_firmwareepyc_7543p_firmwareryzen_3_5300ge_firmwareryzen_5_2600xryzen_5_5625uryzen_threadripper_2920x_firmwareryzen_7_5700geepyc_7302athlon_pro_3145b_firmwareryzen_3_2200ge_firmwareryzen_3_5125cryzen_pro_5750ge_firmwareepyc_7232pryzen_5_5700gepyc_7663ryzen_5_5600u_firmwareepyc_7552_firmwareepyc_7773x_firmwareepyc_7f72ryzen_7_5700g_firmwareryzen_threadripper_2970wx_firmwareryzen_pro_2200geepyc_7532_firmwareryzen_threadripper_pro_3995wxryzen_5_5700g_firmwareryzen_pro_5350geryzen_3_5300g_firmwareryzen_7_5800u_firmwareepyc_7552epyc_7702p_firmwareryzen_5_5700ge_firmwareepyc_7302_firmwareryzen_5_5560u_firmwareepyc_73f3_firmwareepyc_7702pepyc_7262ryzen_5_2600h_firmwareryzen_threadripper_pro_5965wxryzen_pro_2200g_firmwareryzen_9_5900hxathlon_gold_pro_3150g_firmwareathlon_gold_3150cepyc_72f3epyc_7643athlon_gold_3150u_firmwareepyc_7452_firmwareepyc_7313_firmwareryzen_3_pro_2300uepyc_7443pryzen_threadripper_pro_3945wxryzen_7_5800hs_firmwareepyc_7282ryzen_threadripper_pro_5995wx_firmwareepyc_7702_firmwareepyc_7352_firmwareepyc_74f3epyc_7532ryzen_5_5625u_firmwareryzen_7_5700xepyc_73f31st Gen EPYC 3rd Gen EPYCRyzen 5000 Series Ryzen 3000 SeriesRyzen 2000 Series2nd Gen EPYC
CWE ID-CWE-20
Improper Input Validation
CVE-2024-51530
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-6.6||MEDIUM
EPSS-0.03% / 5.18%
||
7 Day CHG-0.00%
Published-05 Nov, 2024 | 11:19
Updated-07 Nov, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LaunchAnywhere vulnerability in the account module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOS
CWE ID-CWE-20
Improper Input Validation
CVE-2024-45444
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-04 Sep, 2024 | 01:51
Updated-06 Sep, 2024 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Access permission verification vulnerability in the WMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-20
Improper Input Validation
CVE-2021-39740
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 2.45%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:02
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Messaging, there is a possible way to bypass attachment restrictions due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-209965112

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2021-30338
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.1||HIGH
EPSS-0.04% / 10.22%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 10:10
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Compute

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdxr1_firmwaresd850_firmwaresd850sdxr1Snapdragon Compute
CWE ID-CWE-20
Improper Input Validation
CVE-2024-28977
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-3.3||LOW
EPSS-0.06% / 17.36%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 08:08
Updated-21 Jan, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Repository Manager, versions 3.4.2 through 3.4.4,contains a Path Traversal vulnerability in logger module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem with the privileges of the running web application.

Action-Not Available
Vendor-Dell Inc.
Product-repository_managerDell Repository Manager (DRM) repository_manager
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-27366
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 6.42%
||
7 Day CHG~0.00%
Published-09 Sep, 2024 | 00:00
Updated-25 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor, Wearable Processor Exynos Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_scan_done_ind(), there is no input validation check on a length coming from userspace, which can lead to a potential heap over-read.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1480_firmwareexynos_1080_firmwareexynos_980_firmwareexynos_1480exynos_1330exynos_850exynos_850_firmwareexynos_w920_firmwareexynos_w920exynos_1280_firmwareexynos_1380_firmwareexynos_1380exynos_w930_firmwareexynos_1330_firmwareexynos_980exynos_1280exynos_w930exynos_1080n/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
CVE-2021-25413
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.14%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 14:33
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-43449
Matching Score-4
Assigner-OpenHarmony
ShareView Details
Matching Score-4
Assigner-OpenHarmony
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 5.49%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 19:15
Updated-02 May, 2025 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary file read via download_server.

OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Local attackers can install an malicious application on the device and reveal any file from the filesystem that is accessible to download_server service which run with UID 1000.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2024-22338
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.04% / 10.21%
||
7 Day CHG~0.00%
Published-31 May, 2024 | 10:36
Updated-14 Aug, 2025 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Access OIDC Provider information disclosure

IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: 279978.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_access_oidc_providerSecurity Verify Access OIDC Provider
CWE ID-CWE-20
Improper Input Validation
CVE-2021-22452
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 5.12%
||
7 Day CHG~0.00%
Published-28 Oct, 2021 | 12:32
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to read at any address.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-20
Improper Input Validation
CVE-2023-42527
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.6||MEDIUM
EPSS-0.04% / 11.02%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 07:49
Updated-04 Sep, 2024 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to expose sensitive information.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2023-42776
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-3.8||LOW
EPSS-0.10% / 28.30%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:38
Updated-24 Oct, 2024 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in some Intel(R) SGX DCAP software for Windows before version 1.19.100.3 may allow an authenticateed user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-sgx_dcapIntel(R) SGX DCAP software for Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2024-0022
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.54%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 21:01
Updated-27 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-20
Improper Input Validation
CVE-2023-48354
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.54%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 02:44
Updated-20 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In telephone service, there is a possible improper input validation. This could lead to local information disclosure with no additional execution privileges needed

Action-Not Available
Vendor-Unisoc (Shanghai) Technologies Co., Ltd.Google LLC
Product-t770t616androidt610t612s8000t310t760t820sc9832esc9863asc7731et606t618SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
CWE ID-CWE-20
Improper Input Validation
CVE-2023-5097
Matching Score-4
Assigner-HYPR Corp
ShareView Details
Matching Score-4
Assigner-HYPR Corp
CVSS Score-7||HIGH
EPSS-0.09% / 26.60%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 19:40
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Input Validation vulnerability in HYPR Workforce Access on Windows allows Path Traversal.This issue affects Workforce Access: before 8.7.

Action-Not Available
Vendor-hyprHYPRMicrosoft Corporation
Product-windowsworkforce_accessWorkforce Access
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-20
Improper Input Validation
CVE-2023-36406
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.24% / 47.66%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 17:57
Updated-29 Apr, 2025 | 23:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Information Disclosure Vulnerability

Windows Hyper-V Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_11_22h2windows_11_21h2windows_server_2022windows_11_23h2Windows 11 version 21H2Windows 11 version 22H3Windows 11 Version 23H2Windows 11 version 22H2Windows Server 2022Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-20
Improper Input Validation
CVE-2023-35136
Matching Score-4
Assigner-Zyxel Corporation
ShareView Details
Matching Score-4
Assigner-Zyxel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 30.28%
||
7 Day CHG~0.00%
Published-28 Nov, 2023 | 01:16
Updated-05 Jun, 2025 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to access configuration files on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zldvpn100usg_20w-vpnatp100atp800usg_flex_200vpn50usg_flex_100atp100wusg_flex_50watp200atp700atp500usg_flex_700vpn1000vpn50wvpn300usg_flex_100wusg_flex_500usg_flex_50USG20(W)-VPN series firmwareATP series firmwareUSG FLEX 50(W) series firmwareUSG FLEX series firmwareVPN series firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2019-10626
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.18%
||
7 Day CHG~0.00%
Published-22 Jun, 2020 | 07:10
Updated-04 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Payload size is not validated before reading memory that may cause issue of accessing invalid pointer or some garbage data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Rennell, Saipan, SC8180X, SDA660, SDA845, SDM429W, SDM439, SDM670, SDM710, SDX20, SDX24, SDX55, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9640_firmwaresdm429wmsm8996au_firmwaresdx24sdm439mdm9650msm8909w_firmwaremsm8996ausdm429w_firmwareapq8009_firmwaresdm670sxr2130qcs605_firmwareipq4019_firmwaresc8180xmdm9206sdm670_firmwaresdx24_firmwareipq8074sda845_firmwareapq8098ipq6018_firmwaremdm9206_firmwareqcs605mdm9650_firmwareipq8064sda660sdx55_firmwaresxr1130_firmwaresxr1130msm8909wapq8009apq8053_firmwareipq8064_firmwaresda845apq8098_firmwaresdx20mdm9607_firmwaresm8250_firmwaresc8180x_firmwareqcs405ipq8074_firmwaresdm710mdm9607apq8017_firmwaresdm710_firmwaremdm9207c_firmwareipq6018mdm9207csm8150_firmwaresxr2130_firmwareapq8096ausdm439_firmwareqcs405_firmwarerennellsda660_firmwarerennell_firmwareipq4019sdx55apq8053apq8096au_firmwaresaipan_firmwaresm8250sm8150sdx20_firmwareapq8017saipanmdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2021-30278
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.1||HIGH
EPSS-0.04% / 12.70%
||
7 Day CHG~0.00%
Published-03 Jan, 2022 | 07:25
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fsm10055qca9377_firmwaremdm9150_firmwarewcn3991_firmwaresd678qcn9070sa6150p_firmwaresa8145p_firmwareqcs610sm6250p_firmwarewsa8830qcs2290_firmwarefsm10056qca8337sd7c_firmwarecsrb31024csra6620fsm10055_firmwareqcn9072qcs4290wcn3950_firmwaresa8150p_firmwaresd765g_firmwareqcs2290qca6595au_firmwareqca6390_firmwaresa6155ipq6000sd690_5gsd730_firmwarecsra6620_firmwarewcd9370sd_675_firmwaresd675_firmwarecsra6640_firmwareqcn5152_firmwareqca6564qca6426wcn3990_firmwareqrb5165n_firmwareqcn9000_firmwareqca9984_firmwareqca9377sa415msd_8cx_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcn3950qcn6024_firmwaresd720gsm6375_firmwaresd662sd460_firmwaresa8155qca6574au_firmwareqcn5122_firmwaresdx55_firmwareqca6595auqca8081_firmwareqcn6023_firmwaresa6155_firmwaresm7250p_firmwarewcd9375_firmwarewcn3999_firmwareqca6436_firmwareqrb5165nqca6564au_firmwaresd778gsa6155p_firmwarewcd9306sm6225wcn3999sa515m_firmwareqcs6490qrb5165_firmwaresdxr2_5gqcn5052sa8155_firmwareipq6010qca4004_firmwaresd662_firmwaresa415m_firmwareqcs405wcn3988_firmwareqcn9074sa6145p_firmwaresm6250sd778g_firmwarewcd9306_firmwarewcd9340sa8195psd765gsd765_firmwarefsm10056_firmwareqca6436wcn6851wcd9335sa6155pqca8081qcn6023qca6174a_firmwareqcs4290_firmwarewcd9385qca6696_firmwareqcs6490_firmwaresd750gsd870_firmwarear8035csr8811qca6390sd_8cxsa8150psd750g_firmwaresm6250_firmwarewcd9375wcn3910_firmwareqca4004wsa8830_firmwaresd660sd865_5g_firmwareqcm6490sd888_5g_firmwarewcn3988sd660_firmwarewcn6850_firmwarewsa8835_firmwaresa8195p_firmwareqcn5121qcx315qcn5022_firmwareqca6564awcn6750_firmwareqca8072qcm2290_firmwaresm6375wcn3991qca8337_firmwarewcd9380_firmwarewcn3990qcn9000sd_675sd865_5gqca6564ausdx24sdx55m_firmwarewcn6856_firmwarewsa8835qca6574qcx315_firmwaresd665_firmwarecsr8811_firmwarewcd9380sd888_5gsd850sm6250pqcs410qca8075_firmwareqca6574asd690_5g_firmwareipq6005_firmwarewcn6855_firmwareqca6174asm7325psdx24_firmwareqca8072_firmwarewcd9335_firmwareqcn5052_firmwarewcn3980wcn6750ipq6018_firmwaremdm9205sa515mqca6574_firmwarewcd9340_firmwaresm7325p_firmwaresd665sd7cwcn3910wcn6850sd765qca6426_firmwareqca6574a_firmwareqca9984ipq6028qcn5021qcn5152qcn9024sd768g_firmwaresd850_firmwarewcn3980_firmwaresd460qca6391sd730sdx55mipq6005sd678_firmwarear8031_firmwarecsrb31024_firmwareqcm4290qcm6490_firmwareqcn9070_firmwareqrb5165sd480_firmwarewcn6851_firmwareipq6028_firmwaresm6225_firmwareqca6574ausa8155p_firmwareqcn5122qca6564a_firmwareqcn9024_firmwareqcm4290_firmwaresd480sd870qcn5121_firmwarewcn6855qcs610_firmwaremdm9150wcn6856qsm8250ipq6018qcn5022sa6145pqca6564_firmwareipq6010_firmwarear8031sd768gqcs405_firmwaresa8145pqca6696mdm9205_firmwareqca6391_firmwarewcd9370_firmwaresa6150psdx55qca8075qcn5021_firmwareqcn9022_firmwarecsra6640qcn6024qcn9022sa8155psd675qcn9072_firmwaresm7250pipq6000_firmwaresd720g_firmwareqcn9074_firmwareqcs410_firmwarear8035_firmwareqcm2290qsm8250_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-20
Improper Input Validation
CVE-2023-23409
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.03% / 76.35%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 16:55
Updated-01 Jan, 2025 | 00:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability

Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2023-22379
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 17.58%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:17
Updated-27 Jan, 2025 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-server_system_d50tnp1mhcpacserver_system_d50tnp2mhsvac_firmwareserver_system_m50cyp2ur312_firmwareserver_system_d50tnp2mhsvacserver_system_d50tnp1mhcrac_firmwareserver_system_d50tnp2mhstacserver_system_d50tnp2mfalacserver_system_m50cyp2ur208server_system_d50tnp1mhcrlc_firmwareserver_system_m50cyp1ur212_firmwareserver_system_m50cyp2ur208_firmwareserver_system_m50cyp2ur312server_system_m50cyp1ur204_firmwareserver_system_d50tnp1mhcracserver_system_d50tnp1mhcrlcserver_system_d50tnp2mhstac_firmwareserver_system_m50cyp1ur204server_system_d50tnp1mhcpac_firmwareserver_system_d50tnp2mfalac_firmwareserver_system_m50cyp1ur212Intel(R) Server Board BMC firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2021-25444
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 5.61%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 19:43
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2023-21540
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.36% / 79.41%
||
7 Day CHG-0.25%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Cryptographic Information Disclosure Vulnerability

Windows Cryptographic Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019Windows Server 2022Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 11 version 21H2Windows Server 2019Windows 10 Version 22H2Windows 10 Version 20H2
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3621
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 30.51%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Lack of check to ensure that the TX read index & RX write index that are read from shared memory are less than the FIFO size results into memory corruption and potential information leakage' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwarekamorta_firmwareqcm2150_firmwaremdm9640_firmwareqcs610sdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdx24sdm439qcs404_firmwaremdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8996aumdm9645sdm429w_firmwaresm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaresc8180xmdm9206sdm670_firmwareqcs404sdx24_firmwareipq8074sdm636sda845_firmwaresa415mbitraapq8098qcn7605mdm9205mdm9206_firmwareqcs605bitra_firmwaremsm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwaresda660sdx55_firmwaresxr1130_firmwareqca8081_firmwaresxr1130apq8009msm8909_firmwareapq8053_firmwaresda845nicobarsdm850_firmwaresa6155p_firmwaremsm8920msm8953sdm450sdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20msm8998_firmwareqcm2150msm8920_firmwaresdm630mdm9607_firmwaresm8250_firmwaremdm9655_firmwaresdm660sa415m_firmwareqcs405sc8180x_firmwareipq8074_firmwaresdm710qm215sc7180_firmwaremdm9607mdm9645_firmwaresdm710_firmwareqcn7605_firmwaresa6155pqca8081qcs610_firmwaremsm8937mdm9150msm8996_firmwaremsm8905sm8150_firmwaremsm8909sxr2130_firmwaremdm9655apq8096ausdm439_firmwarerennellsc7180qcs405_firmwaresdm630_firmwaremdm9205_firmwaresda660_firmwarerennell_firmwareqm215_firmwaresdx55msm8953_firmwaremsm8940saipan_firmwaresm6150_firmwareapq8053msm8917_firmwareapq8096au_firmwaremsm8998sm8150sdx20_firmwaresdm850sm8250kamortamsm8996saipannicobar_firmwaresdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21559
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.36% / 79.41%
||
7 Day CHG-0.25%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Cryptographic Information Disclosure Vulnerability

Windows Cryptographic Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019Windows Server 2022Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 11 version 21H2Windows Server 2019Windows 10 Version 22H2Windows 10 Version 20H2
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found