Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-39298

Summary
Assigner-AMD
Assigner Org ID-b58fc414-a1e4-4f92-9d70-1add41838648
Published At-16 Feb, 2022 | 16:38
Updated At-04 Aug, 2024 | 02:06
Rejected At-
Credits

A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provided in the UEFI firmware.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:AMD
Assigner Org ID:b58fc414-a1e4-4f92-9d70-1add41838648
Published At:16 Feb, 2022 | 16:38
Updated At:04 Aug, 2024 | 02:06
Rejected At:
â–¼CVE Numbering Authority (CNA)

A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provided in the UEFI firmware.

Affected Products
Vendor
Advanced Micro Devices, Inc.AMD
Product
2nd Gen EPYC
Package Name
AGESA
Platforms
  • x86
Default Status
unaffected
Versions
Affected
  • Various
Vendor
Advanced Micro Devices, Inc.AMD
Product
3rd Gen EPYC
Package Name
AGESA
Platforms
  • x86
Default Status
unaffected
Versions
Affected
  • various
Vendor
Advanced Micro Devices, Inc.AMD
Product
Ryzen 2000 Series
Package Name
AGESA
Platforms
  • x86
Default Status
unaffected
Versions
Affected
  • various
Vendor
Advanced Micro Devices, Inc.AMD
Product
Ryzen 3000 Series
Package Name
AGESA
Platforms
  • x86
Default Status
unaffected
Versions
Affected
  • Various
Vendor
Advanced Micro Devices, Inc.AMD
Product
Ryzen 5000 Series
Package Name
AGESA
Platforms
  • x86
Default Status
unaffected
Versions
Affected
  • various
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032
vendor-advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1027
N/A
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032
Resource:
vendor-advisory
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1027
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032
vendor-advisory
x_transferred
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1027
x_transferred
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032
Resource:
vendor-advisory
x_transferred
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1027
Resource:
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@amd.com
Published At:16 Feb, 2022 | 17:15
Updated At:24 Feb, 2026 | 18:23

A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provided in the UEFI firmware.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
HP Inc.
hp
>>z1_entry_tower_g5_workstation_firmware>>Versions before 02.12.00(exclusive)
cpe:2.3:o:hp:z1_entry_tower_g5_workstation_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>z1_entry_tower_g5_workstation>>-
cpe:2.3:h:hp:z1_entry_tower_g5_workstation:-:*:*:*:*:*:*:*
HP Inc.
hp
>>z1_entry_tower_g6_workstation_firmware>>Versions before 02.10.00(exclusive)
cpe:2.3:o:hp:z1_entry_tower_g6_workstation_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>z1_entry_tower_g6_workstation>>-
cpe:2.3:h:hp:z1_entry_tower_g6_workstation:-:*:*:*:*:*:*:*
HP Inc.
hp
>>z1_g8_tower_desktop_pc_firmware>>Versions before 02.07.00(exclusive)
cpe:2.3:o:hp:z1_g8_tower_desktop_pc_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>z1_g8_tower_desktop_pc>>-
cpe:2.3:h:hp:z1_g8_tower_desktop_pc:-:*:*:*:*:*:*:*
HP Inc.
hp
>>z4_g4_workstation_\(core-x\)_firmware>>Versions before 02.75(exclusive)
cpe:2.3:o:hp:z4_g4_workstation_\(core-x\)_firmware:*:*:*:*:*:linux_kernel:*:*
HP Inc.
hp
>>z4_g4_workstation_\(core-x\)_firmware>>Versions before 02.75(exclusive)
cpe:2.3:o:hp:z4_g4_workstation_\(core-x\)_firmware:*:*:*:*:*:windows_10:*:*
HP Inc.
hp
>>z4_g4_workstation_\(core-x\)_firmware>>Versions before 02.75(exclusive)
cpe:2.3:o:hp:z4_g4_workstation_\(core-x\)_firmware:*:*:*:*:*:windows_7:*:*
HP Inc.
hp
>>z4_g4_workstation_\(core-x\)>>-
cpe:2.3:h:hp:z4_g4_workstation_\(core-x\):-:*:*:*:*:*:*:*
HP Inc.
hp
>>z4_g4_workstation_\(xeon_w\)_firmware>>Versions before 02.75(exclusive)
cpe:2.3:o:hp:z4_g4_workstation_\(xeon_w\)_firmware:*:*:*:*:*:linux_kernel:*:*
HP Inc.
hp
>>z4_g4_workstation_\(xeon_w\)_firmware>>Versions before 02.75(exclusive)
cpe:2.3:o:hp:z4_g4_workstation_\(xeon_w\)_firmware:*:*:*:*:*:windows_10:*:*
HP Inc.
hp
>>z4_g4_workstation_\(xeon_w\)_firmware>>Versions before 02.75(exclusive)
cpe:2.3:o:hp:z4_g4_workstation_\(xeon_w\)_firmware:*:*:*:*:*:windows_7:*:*
HP Inc.
hp
>>z4_g4_workstation_\(xeon_w\)>>-
cpe:2.3:h:hp:z4_g4_workstation_\(xeon_w\):-:*:*:*:*:*:*:*
HP Inc.
hp
>>z6_g4_workstation_firmware>>Versions before 02.75(exclusive)
cpe:2.3:o:hp:z6_g4_workstation_firmware:*:*:*:*:*:linux_kernel:*:*
HP Inc.
hp
>>z6_g4_workstation_firmware>>Versions before 02.75(exclusive)
cpe:2.3:o:hp:z6_g4_workstation_firmware:*:*:*:*:*:windows_10:*:*
HP Inc.
hp
>>z6_g4_workstation_firmware>>Versions before 02.75(exclusive)
cpe:2.3:o:hp:z6_g4_workstation_firmware:*:*:*:*:*:windows_7:*:*
HP Inc.
hp
>>z6_g4_workstation>>-
cpe:2.3:h:hp:z6_g4_workstation:-:*:*:*:*:*:*:*
HP Inc.
hp
>>z8_g4_workstation_firmware>>Versions before 02.75(exclusive)
cpe:2.3:o:hp:z8_g4_workstation_firmware:*:*:*:*:*:linux_kernel:*:*
HP Inc.
hp
>>z8_g4_workstation_firmware>>Versions before 02.75(exclusive)
cpe:2.3:o:hp:z8_g4_workstation_firmware:*:*:*:*:*:windows_10:*:*
HP Inc.
hp
>>z8_g4_workstation_firmware>>Versions before 02.75(exclusive)
cpe:2.3:o:hp:z8_g4_workstation_firmware:*:*:*:*:*:windows_7:*:*
HP Inc.
hp
>>z8_g4_workstation>>-
cpe:2.3:h:hp:z8_g4_workstation:-:*:*:*:*:*:*:*
HP Inc.
hp
>>engage_flex_mini_retail_system_firmware>>Versions before 02.10.00(exclusive)
cpe:2.3:o:hp:engage_flex_mini_retail_system_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>engage_flex_mini_retail_system>>-
cpe:2.3:h:hp:engage_flex_mini_retail_system:-:*:*:*:*:*:*:*
HP Inc.
hp
>>mp9_g4_retail_system_firmware>>Versions before 02.18.00(exclusive)
cpe:2.3:o:hp:mp9_g4_retail_system_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>mp9_g4_retail_system>>-
cpe:2.3:h:hp:mp9_g4_retail_system:-:*:*:*:*:*:*:*
HP Inc.
hp
>>elite_dragonfly_firmware>>Versions before 01.12.00(exclusive)
cpe:2.3:o:hp:elite_dragonfly_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>elite_dragonfly>>-
cpe:2.3:h:hp:elite_dragonfly:-:*:*:*:*:*:*:*
HP Inc.
hp
>>elite_dragonfly_g2_firmware>>Versions before 01.08.00(exclusive)
cpe:2.3:o:hp:elite_dragonfly_g2_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>elite_dragonfly_g2>>-
cpe:2.3:h:hp:elite_dragonfly_g2:-:*:*:*:*:*:*:*
HP Inc.
hp
>>elite_dragonfly_max_firmware>>Versions before 01.08.00(exclusive)
cpe:2.3:o:hp:elite_dragonfly_max_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>elite_dragonfly_max>>-
cpe:2.3:h:hp:elite_dragonfly_max:-:*:*:*:*:*:*:*
HP Inc.
hp
>>elite_x2_1013_g3_firmware>>Versions before 01.19.00(exclusive)
cpe:2.3:o:hp:elite_x2_1013_g3_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>elite_x2_1013_g3>>-
cpe:2.3:h:hp:elite_x2_1013_g3:-:*:*:*:*:*:*:*
HP Inc.
hp
>>elite_x2_g4_firmware>>Versions before 01.12.00(exclusive)
cpe:2.3:o:hp:elite_x2_g4_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>elite_x2_g4>>-
cpe:2.3:h:hp:elite_x2_g4:-:*:*:*:*:*:*:*
HP Inc.
hp
>>elite_x2_g8_tablet_firmware>>Versions before 01.08.00(exclusive)
cpe:2.3:o:hp:elite_x2_g8_tablet_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>elite_x2_g8_tablet>>-
cpe:2.3:h:hp:elite_x2_g8_tablet:-:*:*:*:*:*:*:*
HP Inc.
hp
>>elitebook_1050_g1_firmware>>Versions before 01.19.00(exclusive)
cpe:2.3:o:hp:elitebook_1050_g1_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>elitebook_1050_g1>>-
cpe:2.3:h:hp:elitebook_1050_g1:-:*:*:*:*:*:*:*
HP Inc.
hp
>>elitebook_830_g5_firmware>>Versions before 01.19.00(exclusive)
cpe:2.3:o:hp:elitebook_830_g5_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>elitebook_830_g5>>-
cpe:2.3:h:hp:elitebook_830_g5:-:*:*:*:*:*:*:*
HP Inc.
hp
>>elitebook_830_g6_firmware>>Versions before 01.12.00(exclusive)
cpe:2.3:o:hp:elitebook_830_g6_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>elitebook_830_g6>>-
cpe:2.3:h:hp:elitebook_830_g6:-:*:*:*:*:*:*:*
HP Inc.
hp
>>elitebook_830_g7_firmware>>Versions before 01.08.00(exclusive)
cpe:2.3:o:hp:elitebook_830_g7_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>elitebook_830_g7>>-
cpe:2.3:h:hp:elitebook_830_g7:-:*:*:*:*:*:*:*
HP Inc.
hp
>>elitebook_830_g8_firmware>>Versions before 01.08.00(exclusive)
cpe:2.3:o:hp:elitebook_830_g8_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>elitebook_830_g8>>-
cpe:2.3:h:hp:elitebook_830_g8:-:*:*:*:*:*:*:*
HP Inc.
hp
>>elitebook_836_g5_firmware>>Versions before 01.19.00(exclusive)
cpe:2.3:o:hp:elitebook_836_g5_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>elitebook_836_g5>>-
cpe:2.3:h:hp:elitebook_836_g5:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1027psirt@amd.com
N/A
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032psirt@amd.com
N/A
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1027af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1027
Source: psirt@amd.com
Resource: N/A
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032
Source: psirt@amd.com
Resource: N/A
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1027
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

178Records found
CVE-2018-7113
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.6||MEDIUM
EPSS-0.11% / 29.34%
||
7 Day CHG~0.00%
Published-03 Dec, 2018 | 15:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) prior to v1.37 could be locally exploited to bypass the security restrictions for firmware updates.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-integrated_lights-out_5_firmwaregen_10_serversintegrated_lights-outHPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers
CVE-2008-2940
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.04% / 13.29%
||
7 Day CHG~0.00%
Published-14 Aug, 2008 | 20:00
Updated-07 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message.

Action-Not Available
Vendor-n/aHP Inc.
Product-linux_imaging_and_printing_projectn/a
CWE ID-CWE-264
Not Available
CVE-2008-1659
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.06% / 19.80%
||
7 Day CHG~0.00%
Published-08 May, 2008 | 00:00
Updated-07 Aug, 2024 | 08:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP LDAP-UX vB.04.10 through vB.04.15 allows local users to gain privileges via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-ldap-uxhp-uxn/a
CVE-2022-23925
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-8.2||HIGH
EPSS-0.06% / 19.13%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 17:54
Updated-03 Aug, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Action-Not Available
Vendor-n/aHP Inc.
Product-pc_biosHP PC BIOS
CVE-2022-27239
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.09%
||
7 Day CHG~0.00%
Published-27 Apr, 2022 | 00:00
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

Action-Not Available
Vendor-n/aSUSEHP Inc.Debian GNU/LinuxSambaFedora Project
Product-linux_enterprise_software_development_kitlinux_enterprise_serverlinux_enterprise_high_performance_computingmanager_serverlinux_enterprise_real_timehelion_openstackopenstack_cloudcifs-utilsmanager_proxymanager_retail_branch_serverlinux_enterprise_microdebian_linuxfedoralinux_enterprise_point_of_servicecaas_platformlinux_enterprise_desktoplinux_enterprise_storageenterprise_storageopenstack_cloud_crowbarn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-23927
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-8.2||HIGH
EPSS-0.06% / 19.13%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 17:54
Updated-03 Aug, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Action-Not Available
Vendor-n/aHP Inc.
Product-pc_biosHP PC BIOS
CVE-2022-23924
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-8.2||HIGH
EPSS-0.06% / 19.13%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 17:54
Updated-03 Aug, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Action-Not Available
Vendor-n/aHP Inc.
Product-pc_biosHP PC BIOS
CVE-2022-23929
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-8.2||HIGH
EPSS-0.06% / 19.13%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 17:54
Updated-03 Aug, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Action-Not Available
Vendor-n/aHP Inc.
Product-pc_biosHP PC BIOS
CVE-2022-23933
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-8.2||HIGH
EPSS-0.06% / 19.13%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 17:54
Updated-03 Aug, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Action-Not Available
Vendor-n/aHP Inc.
Product-pc_biosHP PC BIOS
CVE-2022-23928
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-8.2||HIGH
EPSS-0.06% / 19.13%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 17:54
Updated-03 Aug, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Action-Not Available
Vendor-n/aHP Inc.
Product-pc_biosHP PC BIOS
CVE-2022-23931
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-8.2||HIGH
EPSS-0.06% / 19.13%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 17:54
Updated-03 Aug, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Action-Not Available
Vendor-n/aHP Inc.
Product-pc_biosHP PC BIOS
CVE-2022-23932
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-8.2||HIGH
EPSS-0.06% / 19.13%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 17:54
Updated-03 Aug, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Action-Not Available
Vendor-n/aHP Inc.
Product-pc_biosHP PC BIOS
CVE-2022-23926
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-8.2||HIGH
EPSS-0.06% / 19.13%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 17:54
Updated-03 Aug, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Action-Not Available
Vendor-n/aHP Inc.
Product-pc_biosHP PC BIOS
CVE-2022-23930
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-8.2||HIGH
EPSS-0.06% / 19.13%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 17:54
Updated-03 Aug, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Action-Not Available
Vendor-n/aHP Inc.
Product-pc_biosHP PC BIOS
CVE-2003-0089
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.28% / 51.46%
||
7 Day CHG~0.00%
Published-18 Nov, 2003 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Software Distributor utilities for HP-UX B.11.00 and B.11.11 allows local users to execute arbitrary code via a long LANG environment variable to setuid programs such as (1) swinstall and (2) swmodify.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2014-7303
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.95%
||
7 Day CHG~0.00%
Published-27 Jan, 2020 | 17:23
Updated-06 Aug, 2024 | 12:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading etc/dbdump.db.

Action-Not Available
Vendor-n/aHP Inc.
Product-sgi_tempon/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2003-0221
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.06% / 19.93%
||
7 Day CHG~0.00%
Published-29 Apr, 2003 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and earlier allows local users to overwrite files and possibly gain root privileges via a symlink attack.

Action-Not Available
Vendor-n/aHP Inc.
Product-tru64n/a
CVE-2003-0333
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.21% / 42.69%
||
7 Day CHG~0.00%
Published-23 May, 2003 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit 6.0.192 and possibly other versions before 8.0) allow local users to gain privileges via long arguments to (1) ask, (2) askq, (3) define, (4) assign, and (5) getc, some of which may share the same underlying function "doask," a different vulnerability than CVE-2001-0085.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2002-1617
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.25% / 48.03%
||
7 Day CHG~0.00%
Published-25 Mar, 2005 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in HP Tru64 UNIX 5.x allow local users to execute arbitrary code via (1) a long -contextDir argument to dtaction, (2) a long -p argument to dtprintinfo, (3) a long -customization argument to dxterm, or (4) a long DISPLAY environment variable to dtterm.

Action-Not Available
Vendor-n/aHP Inc.
Product-tru64n/a
CVE-2001-1123
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.48% / 65.17%
||
7 Day CHG~0.00%
Published-15 Mar, 2002 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in Network Node Manager (NNM) 6.2 and earlier in HP OpenView allows a local user to execute arbitrary code, possibly via a buffer overflow in a long hostname or object ID.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_network_node_managern/a
CVE-2001-0979
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.17% / 38.18%
||
7 Day CHG~0.00%
Published-02 Feb, 2002 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in swverify in HP-UX 11.0, and possibly other programs, allows local users to gain privileges via a long command line argument.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2014-7302
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.74%
||
7 Day CHG~0.00%
Published-27 Jan, 2020 | 17:23
Updated-06 Aug, 2024 | 12:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to change the permissions of arbitrary files by executing /opt/sgi/sgimc/bin/vx.

Action-Not Available
Vendor-n/aHP Inc.
Product-sgi_tempon/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-1999-1247
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.07% / 20.68%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in HP Camera component of HP DCE/9000 in HP-UX 9.x allows attackers to gain root privileges.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-1999-1433
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.60% / 69.49%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP JetAdmin D.01.09 on Solaris allows local users to change the permissions of arbitrary files via a symlink attack on the /tmp/jetadmin.log file.

Action-Not Available
Vendor-n/aHP Inc.
Product-jetadminn/a
CVE-1999-1139
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.13% / 32.14%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the IOERROR.mytty file.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2020-12890
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 13.59%
||
7 Day CHG~0.00%
Published-10 Dec, 2021 | 21:56
Updated-16 Sep, 2024 | 23:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper handling of pointers in the System Management Mode (SMM) handling code may allow for a privileged attacker with physical or administrative access to potentially manipulate the AMD Generic Encapsulated Software Architecture (AGESA) to execute arbitrary code undetected by the operating system.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-amd_generic_encapsulated_software_architectureAMD Processors
CVE-1999-0038
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.12% / 31.50%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in xlock program allows local users to execute commands as root.

Action-Not Available
Vendor-data_generalbsdin/aHP Inc.Debian GNU/LinuxIBM CorporationSilicon Graphics, Inc.Sun Microsystems (Oracle Corporation)
Product-debian_linuxsunosirixsolarisbsd_osdg_uxhp-uxaixn/axlock
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-1999-0138
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.07% / 21.98%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.

Action-Not Available
Vendor-digitaln/aApple Inc.HP Inc.IBM CorporationLinux Kernel Organization, IncNEC CorporationFreeBSD Foundation
Product-up-ux_vfreebsdhp-uxaixosf_1asl_ux_4800linux_kernelews-ux_va_uxn/a
CVE-1999-0130
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.89% / 75.48%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local users can start Sendmail in daemon mode and gain root privileges.

Action-Not Available
Vendor-eric_allmanbsdin/aHP Inc.IBM CorporationFreeBSD FoundationRed Hat, Inc.The MITRE Corporation (Caldera)
Product-linuxsendmailbsd_osfreebsdhp-uxaixnetwork_desktopn/a
CVE-1999-0325
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.06% / 18.62%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

vhe_u_mnt program in HP-UX allows local users to create root files through symlinks.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2020-12981
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.49%
||
7 Day CHG+0.10%
Published-11 Jun, 2021 | 21:49
Updated-16 Sep, 2024 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insufficient input validation in the AMD Graphics Driver for Windows 10 may allow unprivileged users to unload the driver, potentially causing memory corruptions in high privileged processes, which can lead to escalation of privileges or denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.Microsoft Corporation
Product-radeon_softwareradeon_pro_softwarewindows_10AMD Radeon Software
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-46771
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.27%
||
7 Day CHG+0.06%
Published-10 May, 2022 | 18:30
Updated-17 Sep, 2024 | 04:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of addresses in AMD Secure Processor (ASP) firmware system call may potentially lead to arbitrary code execution by a compromised user application.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7443_firmwareepyc_7313epyc_7343epyc_7663_firmwareepyc_7543_firmwareepyc_7763_firmwareepyc_7573x_firmwareepyc_7713pepyc_7573xepyc_74f3_firmwareepyc_7513epyc_7443epyc_7313p_firmwareepyc_7763epyc_7713_firmwareepyc_7713p_firmwareepyc_73f3_firmwareepyc_7453epyc_7373xepyc_7713epyc_7513_firmwareepyc_7543p_firmwareepyc_7443p_firmwareepyc_7773xepyc_7413_firmwareepyc_72f3epyc_7643epyc_7643_firmwareepyc_7663epyc_7773x_firmwareepyc_75f3epyc_72f3_firmwareepyc_7373x_firmwareepyc_7543pepyc_7313_firmwareepyc_7443pepyc_75f3_firmwareepyc_7473xepyc_7453_firmwareepyc_7343_firmwareepyc_7473x_firmwareepyc_74f3epyc_7413epyc_7313pepyc_73f33rd Gen AMD EPYCâ„¢
CWE ID-CWE-20
Improper Input Validation
CVE-2007-0819
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 15.94%
||
7 Day CHG~0.00%
Published-08 Feb, 2007 | 18:00
Updated-07 Aug, 2024 | 12:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Network Node Manager (NNM) Remote Console 7.50, 7.51, and 7.53 assigns Everyone Full Control permission for the %PROGRAMFILES%\HP OpenView directory tree, which allows local users to gain privileges via a Trojan horse executable file or ActiveX component, or a modified bin\ovtrcsvc.exe for the HP Open View Shared Trace Service.

Action-Not Available
Vendor-n/aHP Inc.
Product-network_node_managern/a
CVE-2021-39297
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-8.8||HIGH
EPSS-0.29% / 52.23%
||
7 Day CHG~0.00%
Published-16 Feb, 2022 | 16:38
Updated-04 Aug, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.

Action-Not Available
Vendor-n/aHP Inc.
Product-proone_600_g5_21.5-in_all-in-one_business_pcelitebook_840_g5zbook_studio_g5_firmwareprobook_440_g5elitebook_1050_g1_firmwareeliteone_800_g4_23.8-inch_non-touch_all-in-one_pcprobook_640_g7eliteone_800_g6_27_all-in-one_pcprobook_640_g4prodesk_680_g6_pci_microtower_pceliteone_800_g6_24_all-in-one_pc_firmwareelitedesk_805_g8_small_form_factor_pczhan_66_pro_14_g2probook_630_g8_firmwareelitebook_x360_830_g5_firmwareelitebook_x360_830_g5prodesk_600_g5_microtower_pc\(with_pci_slot\)elite_x2_1013_g3elitedesk_800_g5_small_form_factor_pcelitedesk_880_g6_tower_pcprodesk_600_g4_microtower_pc\(with_pci_slot\)_firmwareproone_440_g6_24_all-in-one_pc_firmwarezhan_66_pro_13_g2elite_dragonflyprobook_440_g5_firmwareelite_dragonfly_maxelitebook_840_g7_firmwareprodesk_405_g8_desktop_mini_pczbook_14u_g6_firmwareeliteone_800_g8_24_all-in-one_pc260_g3_desktop_mini_pcprobook_x360_11_g3_education_editionzbook_17_g6zbook_15_g6probook_650_g8_firmwareproone_400_g6_24_all-in-one_pcelitebook_850_g6_firmwareeliteone_800_g6_24_all-in-one_pcprodesk_480_g5_microtower_pcprobook_430_g8_firmwareelitedesk_800_95w_g4_desktop_mini_pczbook_fury_17_g7_firmwarezhan_66_pro_14_g3elitedesk_800_g4_workstation_editionzbook_studio_15_g8_firmwareelitedesk_880_g8_tower_pc_firmwareprodesk_405_g8_small_form_factor_pcelitebook_836_g6zbook_17_g6_firmwareprobook_470_g5elitedesk_800_65w_g4_desktop_mini_pcelitebook_850_g5_firmwareprodesk_480_g7_pci_microtower_pc_firmwareelitebook_840_g8elitebook_x360_1030_g7_firmwareprobook_640_g4_firmwareelitebook_846_g5probook_x360_11_g7_education_editionelitedesk_800_g4_small_form_factor_pc_firmwarezbook_fury_15_g7z4_g4_workstation_\(xeon_w\)zhan_66_pro_15_g3eliteone_800_g5_23.8-in_healthcare_edition_all-in-oneproone_440_g4_23.8-inch_non-touch_all-in-one_business_pcelitedesk_800_g8_tower_pczbook_17_g5_firmwareelitebook_x360_1040_g8_firmwarez8_g4_workstation_firmwareelitebook_830_g5zhan_66_pro_g3_24_all-in-one_pcelitedesk_800_g6_tower_pcproone_600_g6_22_all-in-one_pc_firmwareelitebook_x360_1040_g6elitebook_840_g6_firmwareprodesk_405_g8_desktop_mini_pc_firmwarezhan_66_pro_15_g2elitedesk_800_g5_tower_pcelitebook_840_g5_firmwareeliteone_800_g4_23.8-inch_non-touch_all-in-one_pc_firmwareelitebook_x360_1030_g8probook_640_g5zbook_firefly_14_g7_firmwareproone_400_g6_20_all-in-one_pc_firmwarez1_entry_tower_g6_workstationprobook_x360_11_g6_education_editionz4_g4_workstation_\(xeon_w\)_firmwareproone_600_g4_21.5-inch_touch_all-in-one_business_pc_firmwareelite_dragonfly_g2elitebook_830_g6prodesk_400_g7_microtower_pcprodesk_600_g5_small_form_factor_pcproone_440_g5_23.8-in_all-in-one_business_pc_firmwareprobook_x360_11_g7_education_edition_firmwareeliteone_1000_g2_27-in_4k_uhd_all-in-one_business_pcprobook_430_g6_firmwareprodesk_400_g6_small_form_factor_pc_firmwareeliteone_800_g5_23.8-inch_all-in-oneprodesk_600_g4_desktop_mini_pc_firmwareprobook_650_g5_firmwarez1_entry_tower_g5_workstationeliteone_800_g8_27_all-in-one_pcproone_400_g4_20-inch_non-touch_all-in-one_business_pcproone_400_g5_20-inch_all-in-one_business_pc260_g3_desktop_mini_pc_firmwarez1_entry_tower_g5_workstation_firmwarezbook_fury_17_g8elitedesk_800_g4_small_form_factor_pcprodesk_680_g4_microtower_pceliteone_800_g6_27_all-in-one_pc_firmwareelitebook_x360_830_g7elitebook_x360_1040_g8probook_450_g5probook_450_g6_firmwareelitebook_836_g6_firmwareelitedesk_880_g4_tower_pceliteone_800_g5_23.8-in_healthcare_edition_all-in-one_firmwareelitebook_x360_1030_g7prodesk_400_g6_microtower_pc_firmwareprobook_430_g5_firmwareelitebook_836_g5_firmwareelitebook_x360_1040_g7_firmwareprobook_650_g7_firmwarezbook_17_g5probook_x360_440_g1zhan_66_pro_15_g3_firmwareprodesk_400_g5_microtower_pcprobook_440_g7elitebook_x360_1040_g5elitedesk_800_35w_g4_desktop_mini_pczbook_fury_17_g8_firmwareeliteone_800_g8_27_all-in-one_pc_firmwareeliteone_800_g4_23.8-inch_touch_all-in-one_pc_firmwareelitebook_850_g8prodesk_600_g4_microtower_pcelitebook_x360_1030_g4probook_x360_440_g1_firmwareelitebook_830_g8_firmwareprodesk_600_g4_small_form_factor_pcprodesk_600_g5_microtower_pc_firmwareelitedesk_880_g6_tower_pc_firmwarezbook_15_g5_firmwareelitebook_840_g5_healthcare_edition_firmwareprodesk_400_g6_desktop_mini_pcz1_entry_tower_g6_workstation_firmwareprobook_x360_11_g3_education_edition_firmwareprodesk_400_g5_small_form_factor_pc_firmwarezbook_firefly_14_g7elitebook_840_g6_healthcare_edition_firmwaremp9_g4_retail_systemzbook_fury_15_g8probook_640_g7_firmwarezhan_66_pro_g3_24_all-in-one_pc_firmwareelitebook_840_g6elitebook_x360_830_g8probook_470_g5_firmwareengage_flex_mini_retail_system_firmwareelitebook_850_g8_firmwareproone_600_g4_21.5-inch_touch_all-in-one_business_pcelitebook_x360_830_g6probook_450_g8prodesk_400_g5_microtower_pc_firmwarezbook_power_15_g8_firmwareelitedesk_880_g5_tower_pc_firmwareprodesk_600_g5_microtower_pc\(with_pci_slot\)_firmwareeliteone_800_g4_23.8-in_healthcare_edition_all-in-one_business_pc_firmwareprobook_x360_11_g4_education_editionzbook_studio_g7prodesk_600_g4_microtower_pc\(with_pci_slot\)elitebook_840_aero_g8_firmwareproone_400_g6_20_all-in-one_pcprodesk_600_g5_microtower_pcprodesk_600_g6_small_form_factor_pcz4_g4_workstation_\(core-x\)_firmwarezbook_fury_15_g7_firmwareprobook_640_g8_firmwarezbook_14u_g5_firmwareprodesk_600_g6_small_form_factor_pc_firmwareeliteone_1000_g2_23.8-in_all-in-one_business_pc_firmwarezbook_studio_x360_g5elitedesk_800_g8_small_form_factor_pc_firmwarez1_g8_tower_desktop_pc_firmwarezbook_15u_g6zbook_studio_x360_g5_firmwareeliteone_800_g4_23.8-in_healthcare_edition_all-in-one_business_pceliteone_800_g4_23.8-inch_touch_gpu_all-in-one_pcelitedesk_800_g8_desktop_mini_pcproone_400_g4_23.8-inch_non-touch_all-in-one_business_pcelitedesk_800_g4_tower_pcelitedesk_880_g5_tower_pczbook_firefly_15_g8elite_dragonfly_max_firmwarezbook_studio_g7_firmwareproone_440_g5_23.8-in_all-in-one_business_pcprobook_x360_11_g6_education_edition_firmwarezbook_firefly_15_g7_firmwarez6_g4_workstationproone_400_g4_23.8-inch_non-touch_all-in-one_business_pc_firmwareeliteone_800_g4_23.8-inch_touch_all-in-one_pcelitebook_846_g5_firmwareprodesk_600_g5_small_form_factor_pc_firmwareelite_x2_g8_tabletzbook_15u_g5prodesk_600_g6_microtower_pczbook_fury_17_g7prodesk_480_g6_microtower_pc_firmwareelitebook_840_g5_healthcare_editionproone_440_g6_24_all-in-one_pceliteone_1000_g2_34-in_curved_all-in-one_business_pc_firmwareprodesk_400_g4_desktop_mini_pc_firmwareelite_x2_1013_g3_firmwareelitedesk_805_g6_small_form_factor_pcprodesk_400_g5_small_form_factor_pcelitebook_830_g7_firmwarezbook_14u_g6eliteone_1000_g2_23.8-in_touch_all-in-one_business_pcelitebook_850_g6probook_450_g7proone_400_g6_24_all-in-one_pc_firmwarezbook_15u_g6_firmwareelitedesk_880_g4_tower_pc_firmwareprodesk_680_g6_pci_microtower_pc_firmwareprodesk_400_g6_microtower_pcprodesk_600_g4_desktop_mini_pcprobook_440_g8probook_450_g7_firmwareprobook_640_g5_firmwareprobook_440_g6prodesk_600_g5_desktop_mini_pc_firmwareprobook_450_g6prodesk_600_g5_desktop_mini_pcprobook_630_g8probook_650_g8probook_650_g4_firmwarezbook_firefly_15_g8_firmwarezbook_fury_15_g8_firmwareelitedesk_800_g6_small_form_factor_pcprobook_650_g4zhan_x_13_g2probook_650_g5z6_g4_workstation_firmwarezbook_studio_g5prodesk_600_g4_small_form_factor_pc_firmwareelitedesk_800_g8_desktop_mini_pc_firmwarezbook_create_g7elitedesk_805_g8_small_form_factor_pc_firmwarezhan_66_pro_14_g2_firmwareprodesk_600_g4_microtower_pc_firmwareprobook_430_g8zbook_studio_15_g8elitedesk_800_g5_desktop_mini_pc_firmwareprodesk_400_g6_desktop_mini_pc_firmwareelitebook_x360_1040_g7elite_x2_g4prodesk_600_g6_desktop_mini_pc_firmwarezbook_15_g5probook_430_g6eliteone_800_g5_23.8-inch_all-in-one_firmwareelitebook_830_g8elitebook_x360_1030_g3proone_400_g5_23.8-inch_all-in-one_business_pc_firmwareelitedesk_805_g6_desktop_mini_pc_firmwareeliteone_1000_g2_27-in_4k_uhd_all-in-one_business_pc_firmwareproone_400_g4_20-inch_non-touch_all-in-one_business_pc_firmwareelitedesk_800_g5_desktop_mini_pcelitedesk_800_g6_small_form_factor_pc_firmwarezhan_x_13_g2_firmwareprodesk_600_g6_desktop_mini_pcelitebook_x360_830_g8_firmwarezhan_66_pro_14_g4prodesk_680_g4_microtower_pc\(with_pci_slot\)probook_430_g7proone_400_g5_23.8-inch_all-in-one_business_pcprobook_450_g8_firmwareprodesk_680_g4_microtower_pc\(with_pci_slot\)_firmwareelitedesk_800_g5_small_form_factor_pc_firmwareelitebook_836_g5elitedesk_800_g8_tower_pc_firmwareproone_400_g5_20-inch_all-in-one_business_pc_firmwareeliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_pc_firmwareprodesk_680_g4_microtower_pc_firmwareelitebook_830_g7elitedesk_800_g6_desktop_mini_pcprodesk_400_g7_small_form_factor_pcprobook_650_g7prodesk_400_g7_microtower_pc_firmwareprodesk_600_g6_microtower_pc_firmwareelitedesk_805_g6_desktop_mini_pcprobook_x360_11_g4_education_edition_firmwareelite_x2_g8_tablet_firmwareeliteone_1000_g2_34-in_curved_all-in-one_business_pcelite_dragonfly_firmwareelitedesk_800_95w_g4_desktop_mini_pc_firmwareprobook_440_g6_firmwareelitebook_x360_830_g6_firmwareelitebook_840_g8_firmwareelitebook_830_g6_firmwareelitebook_850_g7zhan_66_pro_g3_22_all-in-one_pcelitedesk_805_g6_small_form_factor_pc_firmwareelitebook_x360_1040_g5_firmwareelitedesk_800_g6_tower_pc_firmwarezhan_66_pro_g1_firmwareprobook_x360_11_g5_education_edition_firmwarezbook_firefly_14_g8probook_430_g5probook_430_g7_firmwareelitedesk_800_g6_desktop_mini_pc_firmwareelite_x2_g4_firmwarezbook_power_g7_firmwarezhan_66_pro_13_g2_firmwarezbook_power_15_g8zbook_firefly_14_g8_firmwareelitebook_x360_830_g7_firmwareelite_dragonfly_g2_firmwareelitebook_850_g7_firmwareelitebook_x360_1030_g3_firmwareproone_600_g6_22_all-in-one_pceliteone_800_g4_23.8-inch_touch_gpu_all-in-one_pc_firmwareelitedesk_800_g4_workstation_edition_firmwarezhan_66_pro_g3_22_all-in-one_pc_firmwareeliteone_1000_g2_23.8-in_touch_all-in-one_business_pc_firmwareelitebook_840_g6_healthcare_editioneliteone_1000_g2_23.8-in_all-in-one_business_pcelitebook_840_aero_g8probook_450_g5_firmwarezhan_66_pro_15_g2_firmwarezhan_66_pro_14_g4_firmwarezbook_firefly_15_g7eliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_pcprodesk_480_g6_microtower_pcz8_g4_workstationzbook_14u_g5eliteone_800_g8_24_all-in-one_pc_firmwareelitedesk_805_g8_desktop_mini_pc_firmwareprodesk_400_g4_desktop_mini_pcelitebook_x360_1030_g8_firmwareprobook_640_g8zhan_66_pro_g1z4_g4_workstation_\(core-x\)mp9_g4_retail_system_firmwareelitebook_840_g7elitebook_840r_g4elitedesk_800_g4_tower_pc_firmwareelitebook_1050_g1prodesk_400_g7_small_form_factor_pc_firmwareengage_flex_mini_retail_systemprodesk_400_g5_desktop_mini_pcelitebook_850_g5z1_g8_tower_desktop_pczbook_power_g7probook_440_g7_firmwareelitedesk_880_g8_tower_pcproone_440_g4_23.8-inch_non-touch_all-in-one_business_pc_firmwareelitebook_x360_1040_g6_firmwareproone_600_g5_21.5-in_all-in-one_business_pc_firmwareelitebook_x360_1030_g4_firmwareelitedesk_800_g8_small_form_factor_pczhan_66_pro_14_g3_firmwarezbook_15u_g5_firmwareelitedesk_805_g8_desktop_mini_pcprobook_x360_11_g5_education_editionelitedesk_800_35w_g4_desktop_mini_pc_firmwareprobook_440_g8_firmwareelitebook_830_g5_firmwarezbook_15_g6_firmwareelitedesk_800_g5_tower_pc_firmwareelitebook_840r_g4_firmwareprodesk_405_g8_small_form_factor_pc_firmwareprodesk_480_g7_pci_microtower_pcprodesk_480_g5_microtower_pc_firmwareelitedesk_800_65w_g4_desktop_mini_pc_firmwarezbook_create_g7_firmwareprodesk_400_g5_desktop_mini_pc_firmwareprodesk_400_g6_small_form_factor_pcBUSINESS NOTEBOOK PCS BIOS; BUSINESS DESKTOP PCS BIOS; RETAIL POINT-OF-SALE SYSTEMS BIOS; WORKSTATIONS BIOS
CVE-2021-26326
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.13% / 31.98%
||
7 Day CHG+0.08%
Published-16 Nov, 2021 | 17:52
Updated-16 Sep, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Failure to validate VM_HSAVE_PA during SNP_INIT may result in a loss of memory integrity.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7443_firmwareepyc_7313epyc_7343epyc_7663_firmwareepyc_7543_firmwareepyc_7763_firmwareepyc_7713pepyc_74f3_firmwareepyc_7513epyc_7443epyc_7313p_firmwareepyc_7763epyc_7232p_firmwareepyc_7713_firmwareepyc_7713p_firmwareepyc_73f3_firmwareepyc_7453epyc_7713epyc_7513_firmwareepyc_7543p_firmwareepyc_7443p_firmwareepyc_7413_firmwareepyc_7232pepyc_7643epyc_72f3epyc_7643_firmwareepyc_7663epyc_75f3epyc_72f3_firmwareepyc_7543pepyc_7313_firmwareepyc_7443pepyc_75f3_firmwareepyc_7453_firmwareepyc_7343_firmwareepyc_74f3epyc_7413epyc_7313pepyc_73f33rd Gen AMD EPYCâ„¢
CWE ID-CWE-665
Improper Initialization
CVE-2021-26331
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.20%
||
7 Day CHG+0.07%
Published-16 Nov, 2021 | 18:09
Updated-16 Sep, 2024 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7502_firmwareepyc_7402epyc_7262_firmwareepyc_7443_firmwareepyc_7402pepyc_7343epyc_7451epyc_7252_firmwareepyc_7282_firmwareepyc_7543_firmwareepyc_7542_firmwareepyc_7f32epyc_7763_firmwareepyc_7551_firmwareepyc_7272_firmwareepyc_7713pepyc_7443epyc_7513epyc_7313p_firmwareepyc_7252epyc_7502pepyc_7232p_firmwareepyc_7702epyc_7302p_firmwareepyc_7351p_firmwareepyc_7453epyc_7642_firmwareepyc_7452epyc_7513_firmwareepyc_7543p_firmwareepyc_7542epyc_7401pepyc_7281_firmwareepyc_7413_firmwareepyc_7302epyc_7601epyc_7232pepyc_7002epyc_7643_firmwareepyc_7f52epyc_7663epyc_7552_firmwareepyc_75f3epyc_72f3_firmwareepyc_7001epyc_7f72epyc_7f32_firmwareepyc_7662epyc_7502epyc_7001_firmwareepyc_75f3_firmwareepyc_7662_firmwareepyc_7f72_firmwareepyc_7642epyc_7451_firmwareepyc_7343_firmwareepyc_7532_firmwareepyc_7281epyc_7551epyc_7502p_firmwareepyc_7413epyc_7301epyc_7551pepyc_7313pepyc_7401p_firmwareepyc_7002_firmwareepyc_7313epyc_7351pepyc_7551p_firmwareepyc_7663_firmwareepyc_7601_firmwareepyc_7351_firmwareepyc_7251epyc_7532epyc_7552epyc_7302pepyc_7702p_firmwareepyc_74f3_firmwareepyc_7352epyc_7763epyc_7302_firmwareepyc_7713_firmwareepyc_7401epyc_7402_firmwareepyc_7742epyc_7713p_firmwareepyc_7272epyc_73f3_firmwareepyc_7702pepyc_7f52_firmwareepyc_7262epyc_7713epyc_7003_firmwareepyc_7443p_firmwareepyc_7003epyc_7251_firmwareepyc_7401_firmwareepyc_72f3epyc_7643epyc_7402p_firmwareepyc_7452_firmwareepyc_7351epyc_7313_firmwareepyc_7543pepyc_7443pepyc_7742_firmwareepyc_7453_firmwareepyc_7282epyc_7501epyc_7501_firmwareepyc_7702_firmwareepyc_74f3epyc_7352_firmwareepyc_7301_firmwareepyc_73f32nd Gen AMD EPYCâ„¢3rd Gen AMD EPYCâ„¢1st Gen AMD EPYCâ„¢
CWE ID-CWE-20
Improper Input Validation
CVE-2021-26335
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.45%
||
7 Day CHG+0.08%
Published-16 Nov, 2021 | 18:08
Updated-16 Sep, 2024 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to use attacker-controlled values prior to signature validation potentially resulting in arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7502_firmwareepyc_7402epyc_7262_firmwareepyc_7443_firmwareepyc_7402pepyc_7343epyc_7451epyc_7252_firmwareepyc_7282_firmwareepyc_7543_firmwareepyc_7542_firmwareepyc_7f32epyc_7763_firmwareepyc_7551_firmwareepyc_7272_firmwareepyc_7713pepyc_7443epyc_7513epyc_7313p_firmwareepyc_7252epyc_7502pepyc_7232p_firmwareepyc_7702epyc_7302p_firmwareepyc_7351p_firmwareepyc_7453epyc_7642_firmwareepyc_7452epyc_7513_firmwareepyc_7543p_firmwareepyc_7542epyc_7401pepyc_7281_firmwareepyc_7413_firmwareepyc_7302epyc_7601epyc_7232pepyc_7002epyc_7643_firmwareepyc_7f52epyc_7663epyc_7552_firmwareepyc_75f3epyc_72f3_firmwareepyc_7001epyc_7f72epyc_7f32_firmwareepyc_7662epyc_7502epyc_7001_firmwareepyc_75f3_firmwareepyc_7662_firmwareepyc_7f72_firmwareepyc_7642epyc_7451_firmwareepyc_7343_firmwareepyc_7532_firmwareepyc_7281epyc_7551epyc_7502p_firmwareepyc_7413epyc_7301epyc_7551pepyc_7313pepyc_7401p_firmwareepyc_7002_firmwareepyc_7313epyc_7351pepyc_7551p_firmwareepyc_7663_firmwareepyc_7601_firmwareepyc_7351_firmwareepyc_7251epyc_7532epyc_7552epyc_7302pepyc_7702p_firmwareepyc_74f3_firmwareepyc_7352epyc_7763epyc_7302_firmwareepyc_7713_firmwareepyc_7401epyc_7402_firmwareepyc_7742epyc_7713p_firmwareepyc_7272epyc_73f3_firmwareepyc_7702pepyc_7f52_firmwareepyc_7262epyc_7713epyc_7003_firmwareepyc_7443p_firmwareepyc_7003epyc_7251_firmwareepyc_7401_firmwareepyc_72f3epyc_7643epyc_7402p_firmwareepyc_7452_firmwareepyc_7351epyc_7313_firmwareepyc_7543pepyc_7443pepyc_7742_firmwareepyc_7453_firmwareepyc_7282epyc_7501epyc_7501_firmwareepyc_7702_firmwareepyc_74f3epyc_7352_firmwareepyc_7301_firmwareepyc_73f3Athlonâ„¢ SeriesRyzenâ„¢ Series
CVE-2021-26324
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.13% / 31.98%
||
7 Day CHG+0.08%
Published-10 May, 2022 | 18:27
Updated-16 Sep, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A bug with the SEV-ES TMR may lead to a potential loss of memory integrity for SNP-active VMs.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7443_firmwareepyc_7313epyc_7343epyc_7663_firmwareepyc_7543_firmwareepyc_7763_firmwareepyc_7573x_firmwareepyc_7713pepyc_7573xepyc_74f3_firmwareepyc_7513epyc_7443epyc_7313p_firmwareepyc_7763epyc_7713_firmwareepyc_7713p_firmwareepyc_73f3_firmwareepyc_7453epyc_7373xepyc_7713epyc_7513_firmwareepyc_7543p_firmwareepyc_7443p_firmwareepyc_7773xepyc_7413_firmwareepyc_72f3epyc_7643epyc_7643_firmwareepyc_7663epyc_7773x_firmwareepyc_75f3epyc_72f3_firmwareepyc_7373x_firmwareepyc_7543pepyc_7313_firmwareepyc_7443pepyc_75f3_firmwareepyc_7473xepyc_7453_firmwareepyc_7343_firmwareepyc_7473x_firmwareepyc_74f3epyc_7413epyc_7313pepyc_73f33rd Gen AMD EPYCâ„¢
CVE-2021-26353
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.14% / 33.27%
||
7 Day CHG+0.09%
Published-10 May, 2022 | 18:33
Updated-24 Feb, 2026 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Failure to validate inputs in SMM may allow an attacker to create a mishandled error leaving the DRTM UApp in a partially initialized state potentially resulting in loss of memory integrity.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7573xepyc_7373x_firmwareepyc_7543_firmwareepyc_7473xepyc_74f3epyc_7453_firmwareepyc_7663_firmwareepyc_7413_firmwareepyc_73f3_firmwareepyc_75f3epyc_7313p_firmwareepyc_7443_firmwareepyc_7713p_firmwareepyc_7343epyc_7713epyc_7543pepyc_74f3_firmwareepyc_7453epyc_7763epyc_7313epyc_7713_firmwareepyc_7313pepyc_7663epyc_72f3epyc_75f3_firmwareepyc_7543p_firmwareepyc_7513epyc_7513_firmwareepyc_7773xepyc_7643epyc_7773x_firmwareepyc_7573x_firmwareepyc_7473x_firmwareepyc_7713pepyc_73f3epyc_7443p_firmwareepyc_7313_firmwareepyc_7443pepyc_72f3_firmwareepyc_7413epyc_7763_firmwareepyc_7373xepyc_7443epyc_7343_firmwareepyc_7643_firmwareepyc_75433rd Gen EPYC
CWE ID-CWE-665
Improper Initialization
CVE-2021-26386
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.14%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 18:28
Updated-16 Sep, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_5800x_firmwareryzen_3_3100_firmwareryzen_threadripper_2950x_firmwareryzen_5600gryzen_9_3900xryzen_5_2500uryzen_9_5980hxryzen_7_5800hsryzen_threadripper_pro_5955wx_firmwareryzen_5_5600xryzen_threadripper_pro_5995wxryzen_5_5600hsryzen_3_2300uryzen_7_5825uryzen_7_5825u_firmwareryzen_5_5700geryzen_5_3600x_firmwareryzen_5_3400gryzen_threadripper_3960x_firmwareryzen_threadripper_3960xryzen_threadripper_2950xryzen_threadripper_pro_3975wxryzen_5900xryzen_5_5560uryzen_5300ge_firmwareryzen_threadripper_pro_5945wxryzen_5_2500u_firmwareryzen_5700gryzen_3_3100ryzen_3_2200u_firmwareryzen_9_5900hsryzen_3_2200uryzen_5300g_firmwareryzen_9_5980hsryzen_threadripper_2920xryzen_3_5125c_firmwareryzen_7_5825c_firmwareryzen_5_2600ryzen_7_2700ryzen_7_2700x_firmwareryzen_7_5800h_firmwareryzen_3_3300xryzen_7_3700xryzen_threadripper_pro_5965wx_firmwareryzen_5_5625c_firmwareryzen_5950x_firmwareryzen_5_2600hryzen_5_5625cryzen_7_2700uryzen_3_5400uryzen_5_3450g_firmwareryzen_7_2800hryzen_threadripper_3990x_firmwareryzen_5_2600x_firmwareryzen_5700g_firmwareryzen_5_5600x_firmwareryzen_7_3700x_firmwareryzen_5900x_firmwareryzen_9_5980hs_firmwareryzen_5300gryzen_5700geryzen_threadripper_3990xryzen_5_5600hs_firmwareryzen_5800x3d_firmwareryzen_5_3400g_firmwareryzen_7_2700_firmwareryzen_5_5600h_firmwareryzen_threadripper_pro_5955wxryzen_3_5400u_firmwareryzen_5_2600_firmwareryzen_7_3800xryzen_5_3600_firmwareryzen_threadripper_2990wx_firmwareryzen_3_3300x_firmwareryzen_5_5600hryzen_5600x_firmwareryzen_threadripper_pro_5945wx_firmwareryzen_3_5425cryzen_3_5425u_firmwareryzen_3_3300g_firmwareryzen_5_3450gryzen_5600geryzen_5_5600uryzen_threadripper_pro_5975wxryzen_3_2300u_firmwareryzen_9_5900hx_firmwareryzen_5600ge_firmwareryzen_threadripper_2970wxryzen_5_2600xryzen_7_2700u_firmwareryzen_5_5625uryzen_threadripper_2920x_firmwareryzen_5600g_firmwareryzen_3_5125cryzen_7_3800x_firmwareryzen_7_2800h_firmwareryzen_5_5700gryzen_9_5900hs_firmwareryzen_threadripper_pro_3945wx_firmwareryzen_5_5600u_firmwareryzen_5_3600xryzen_threadripper_pro_5975wx_firmwareryzen_threadripper_2970wx_firmwareryzen_5800xryzen_9_3950x_firmwareryzen_5700ge_firmwareryzen_threadripper_pro_3995wxryzen_7_2700xryzen_5_5700g_firmwareryzen_threadripper_pro_3955wxryzen_7_5800u_firmwareryzen_9_3900x_firmwareryzen_3_5425uryzen_5_5700ge_firmwareryzen_threadripper_pro_3955wx_firmwareryzen_5600xryzen_5300geryzen_5_5560u_firmwareryzen_9_5980hx_firmwareryzen_threadripper_pro_3995wx_firmwareryzen_7_5825cryzen_5950xryzen_5_2600h_firmwareryzen_7_5800uryzen_threadripper_pro_5965wxryzen_9_5900hxryzen_5800x3dryzen_9_3950xryzen_threadripper_2990wxryzen_threadripper_3970xryzen_3_5425c_firmwareryzen_3_3300gryzen_7_5800hryzen_threadripper_3970x_firmwareryzen_5_3600ryzen_threadripper_pro_3945wxryzen_7_5800hs_firmwareryzen_threadripper_pro_3975wx_firmwareryzen_threadripper_pro_5995wx_firmwareryzen_5_5625u_firmwareAthlonâ„¢ SeriesRyzenâ„¢ Series
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-26317
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.14%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 18:27
Updated-17 Sep, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-athlon_3150geryzen_5800x_firmwareathlon_3150g_firmwareryzen_3_3100_firmwareryzen_threadripper_2950x_firmwareryzen_5600gryzen_9_3900xryzen_5_2500uryzen_9_5980hxryzen_7_5800hsryzen_threadripper_pro_5955wx_firmwareryzen_5_5600xryzen_threadripper_pro_5995wxryzen_5_5600hsryzen_3_2300uryzen_7_5825uryzen_7_5825u_firmwareryzen_5_5700geryzen_5_3600x_firmwareryzen_5_3400gryzen_threadripper_3960x_firmwareryzen_threadripper_3960xryzen_threadripper_2950xryzen_threadripper_pro_3975wxryzen_5900xryzen_5_5560uryzen_5300ge_firmwareryzen_threadripper_pro_5945wxryzen_5_2500u_firmwareryzen_5700gryzen_3_3100ryzen_3_2200u_firmwareryzen_9_5900hsryzen_3_2200uryzen_5300g_firmwareryzen_9_5980hsryzen_threadripper_2920xryzen_3_5125c_firmwareryzen_7_5825c_firmwareryzen_5_2600ryzen_7_2700ryzen_7_2700x_firmwareryzen_threadripper_pro_5965wx_firmwareryzen_7_5800h_firmwareryzen_7_3700xryzen_3_3300xryzen_5_5625c_firmwareryzen_5950x_firmwareryzen_5_2600hryzen_5_5625cryzen_7_2700uryzen_5_3450g_firmwareryzen_3_5400uradeon_softwareryzen_7_2800hathlon_3150gryzen_threadripper_3990x_firmwareryzen_9_5980hs_firmwareryzen_5700g_firmwareryzen_7_3700x_firmwareryzen_5_2600x_firmwareryzen_5900x_firmwareryzen_5_5600x_firmwareryzen_5300gryzen_5700geryzen_threadripper_3990xryzen_5_5600hs_firmwareryzen_5800x3d_firmwareryzen_7_2700_firmwareryzen_5_3400g_firmwareathlon_3150ge_firmwareryzen_threadripper_pro_5955wxryzen_5_5600h_firmwareryzen_3_5400u_firmwareryzen_5_2600_firmwareryzen_7_3800xathlon_3050ge_firmwareryzen_5_3600_firmwareryzen_threadripper_2990wx_firmwareryzen_3_3300x_firmwareryzen_5_5600hryzen_5600x_firmwareryzen_threadripper_pro_5945wx_firmwareryzen_3_5425cryzen_3_3300g_firmwareryzen_3_5425u_firmwareryzen_5_3450gathlon_3050geryzen_5600geryzen_5_5600uryzen_threadripper_pro_5975wxryzen_3_2300u_firmwareryzen_9_5900hx_firmwareryzen_5600ge_firmwareryzen_threadripper_2970wxryzen_5_2600xryzen_7_2700u_firmwareryzen_5_5625uryzen_threadripper_2920x_firmwareryzen_5600g_firmwareryzen_3_5125cryzen_7_3800x_firmwareryzen_7_2800h_firmwareryzen_5_5700gryzen_9_5900hs_firmwareryzen_threadripper_pro_3945wx_firmwareryzen_5_5600u_firmwareryzen_5_3600xryzen_threadripper_pro_5975wx_firmwareryzen_threadripper_2970wx_firmwareryzen_5800xryzen_9_3950x_firmwareryzen_5700ge_firmwareryzen_threadripper_pro_3995wxryzen_7_2700xryzen_5_5700g_firmwareryzen_threadripper_pro_3955wxryzen_7_5800u_firmwareryzen_9_3900x_firmwareryzen_3_5425uryzen_5_5700ge_firmwareryzen_threadripper_pro_3955wx_firmwareryzen_5600xryzen_5300geryzen_9_5980hx_firmwareryzen_5_5560u_firmwareryzen_threadripper_pro_3995wx_firmwareryzen_7_5825cryzen_5950xryzen_threadripper_pro_5965wxryzen_7_5800uryzen_5_2600h_firmwareryzen_9_5900hxryzen_5800x3dryzen_9_3950xryzen_threadripper_2990wxryzen_threadripper_3970xryzen_3_5425c_firmwareryzen_3_3300gryzen_7_5800hryzen_threadripper_3970x_firmwareryzen_threadripper_pro_3945wxryzen_5_3600ryzen_threadripper_pro_3975wx_firmwareryzen_7_5800hs_firmwareryzen_threadripper_pro_5995wx_firmwareryzen_5_5625u_firmwareAthlonâ„¢ SeriesRyzenâ„¢ Series
CVE-2013-6208
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.2||HIGH
EPSS-0.06% / 17.43%
||
7 Day CHG~0.00%
Published-16 Mar, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Smart Update Manager 5.3.5 before build 70 on Linux allows local users to gain privileges via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.Linux Kernel Organization, Inc
Product-smart_update_managerlinux_kerneln/a
CVE-2016-9795
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.27%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncOracle CorporationHP Inc.IBM CorporationBroadcom Inc.CA Technologies (Broadcom Inc.)
Product-systemedgeaixvirtual_assurance_for_infrastructure_managerssolarisclient_automationhp-uxlinux_kernelsystems_performance_for_infrastructure_managersuniversal_job_management_agentca_workload_automation_aen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-5220
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.2||HIGH
EPSS-0.06% / 17.86%
||
7 Day CHG~0.00%
Published-26 Apr, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows local users to gain privileges via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-storage_data_protectorn/a
CVE-2000-0702
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.25% / 48.00%
||
7 Day CHG~0.00%
Published-22 Jan, 2001 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The net.init rc script in HP-UX 11.00 (S008net.init) allows local users to overwrite arbitrary files via a symlink attack that points from /tmp/stcp.conf to the targeted file.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2012-5218
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.2||HIGH
EPSS-0.06% / 17.86%
||
7 Day CHG~0.00%
Published-24 Apr, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP ElitePad 900 PCs with BIOS F.0x before F.01 Update 1.0.0.8 do not enable the Secure Boot feature, which allows local users to bypass intended BIOS restrictions and boot unintended operating systems via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-elitepadn/a
CVE-2012-2291
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.2||HIGH
EPSS-0.03% / 9.25%
||
7 Day CHG~0.00%
Published-21 Jan, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, uses world-writable permissions for cache directories, which allows local users to gain privileges via an unspecified symlink attack.

Action-Not Available
Vendor-n/aELAN Microelectronics CorporationHP Inc.Apple Inc.
Product-mac_os_xavamar_pluginavamarhp-uxn/a
CVE-2022-23934
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-8.2||HIGH
EPSS-0.06% / 18.70%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 17:54
Updated-03 Aug, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Action-Not Available
Vendor-n/aHP Inc.
Product-pc_biosHP PC BIOS
CVE-2010-3007
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.2||HIGH
EPSS-25.57% / 96.24%
||
7 Day CHG~0.00%
Published-09 Sep, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-data_protector_expressn/a
CVE-2010-3008
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.2||HIGH
EPSS-0.04% / 13.45%
||
7 Day CHG~0.00%
Published-13 Sep, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 on Windows allows local users to gain privileges or cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3007.

Action-Not Available
Vendor-n/aHP Inc.
Product-data_protector_expressn/a
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found