Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-46749

Summary
Assigner-AMD
Assigner Org ID-b58fc414-a1e4-4f92-9d70-1add41838648
Published At-09 May, 2023 | 18:59
Updated At-28 Jan, 2025 | 15:42
Rejected At-
Credits

Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:AMD
Assigner Org ID:b58fc414-a1e4-4f92-9d70-1add41838648
Published At:09 May, 2023 | 18:59
Updated At:28 Jan, 2025 | 15:42
Rejected At:
▼CVE Numbering Authority (CNA)

Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service.

Affected Products
Vendor
Advanced Micro Devices, Inc.AMD
Product
Ryzen™ 2000 Series Desktop Processors “Pinnacle Ridge”
Package Name
AGESA
Platforms
  • x86
Default Status
unaffected
Versions
Affected
  • various
Vendor
Advanced Micro Devices, Inc.AMD
Product
Ryzen™ 3000 Series Desktop Processors “Matisse” AM4
Package Name
AGESA
Platforms
  • x86
Default Status
unaffected
Versions
Affected
  • various
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4
Package Name
AGESA
Platforms
  • x86
Default Status
unaffected
Versions
Affected
  • various
Vendor
Advanced Micro Devices, Inc.AMD
Product
Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics “Cezanne” AM4
Package Name
AGESA
Platforms
  • x86
Default Status
unaffected
Versions
Affected
  • various
Vendor
Advanced Micro Devices, Inc.AMD
Product
3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT
Package Name
AGESA
Platforms
  • x86
Default Status
unaffected
Versions
Affected
  • various
Vendor
Advanced Micro Devices, Inc.AMD
Product
Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS
Package Name
AGESA
Platforms
  • x86
Default Status
unaffected
Versions
Affected
  • various
Vendor
Advanced Micro Devices, Inc.AMD
Product
Ryzen™ Threadripper™ PRO Processors “Chagall” WS
Package Name
AGESA
Platforms
  • x86
Default Status
unaffected
Versions
Affected
  • various
Vendor
Advanced Micro Devices, Inc.AMD
Product
Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULP
Package Name
AGESA
Platforms
  • x86
Default Status
unaffected
Versions
Affected
  • various
Vendor
Advanced Micro Devices, Inc.AMD
Product
Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”
Package Name
AGESA
Platforms
  • x86
Default Status
unaffected
Versions
Affected
  • various
Vendor
Advanced Micro Devices, Inc.AMD
Product
Ryzen™ 2000 Series Mobile Processors “Raven Ridge” FP5
Package Name
AGESA
Platforms
  • x86
Default Status
unaffected
Versions
Affected
  • various
Vendor
Advanced Micro Devices, Inc.AMD
Product
Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso”
Package Name
AGESA
Platforms
  • x86
Default Status
unaffected
Versions
Affected
  • various
Vendor
Advanced Micro Devices, Inc.AMD
Product
Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir”
Package Name
AGESA
Platforms
  • x86
Default Status
unaffected
Versions
Affected
  • various
Vendor
Advanced Micro Devices, Inc.AMD
Product
Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”
Package Name
AGESA
Platforms
  • x86
Default Status
unaffected
Versions
Affected
  • various
Vendor
Advanced Micro Devices, Inc.AMD
Product
Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics “Cezanne”
Package Name
AGESA
Platforms
  • x86
Default Status
unaffected
Versions
Affected
  • various
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001
vendor-advisory
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001
vendor-advisory
x_transferred
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001
Resource:
vendor-advisory
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-125CWE-125 Out-of-bounds Read
Type: CWE
CWE ID: CWE-125
Description: CWE-125 Out-of-bounds Read
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@amd.com
Published At:09 May, 2023 | 19:15
Updated At:28 Jan, 2025 | 16:15

Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Advanced Micro Devices, Inc.
amd
>>ryzen_5300g_firmware>>cezannepi-fp6_1.0.0.8
cpe:2.3:o:amd:ryzen_5300g_firmware:cezannepi-fp6_1.0.0.8:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5300g>>-
cpe:2.3:h:amd:ryzen_5300g:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5300ge_firmware>>cezannepi-fp6_1.0.0.8
cpe:2.3:o:amd:ryzen_5300ge_firmware:cezannepi-fp6_1.0.0.8:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5300ge>>-
cpe:2.3:h:amd:ryzen_5300ge:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5500_firmware>>cezannepi-fp6_1.0.0.8
cpe:2.3:o:amd:ryzen_5500_firmware:cezannepi-fp6_1.0.0.8:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5500>>-
cpe:2.3:h:amd:ryzen_5500:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5600_firmware>>cezannepi-fp6_1.0.0.8
cpe:2.3:o:amd:ryzen_5600_firmware:cezannepi-fp6_1.0.0.8:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5600>>-
cpe:2.3:h:amd:ryzen_5600:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5600g_firmware>>cezannepi-fp6_1.0.0.8
cpe:2.3:o:amd:ryzen_5600g_firmware:cezannepi-fp6_1.0.0.8:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5600g>>-
cpe:2.3:h:amd:ryzen_5600g:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5600ge_firmware>>cezannepi-fp6_1.0.0.8
cpe:2.3:o:amd:ryzen_5600ge_firmware:cezannepi-fp6_1.0.0.8:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5600ge>>-
cpe:2.3:h:amd:ryzen_5600ge:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5600x_firmware>>cezannepi-fp6_1.0.0.8
cpe:2.3:o:amd:ryzen_5600x_firmware:cezannepi-fp6_1.0.0.8:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5600x>>-
cpe:2.3:h:amd:ryzen_5600x:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5700g_firmware>>cezannepi-fp6_1.0.0.8
cpe:2.3:o:amd:ryzen_5700g_firmware:cezannepi-fp6_1.0.0.8:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5700g>>-
cpe:2.3:h:amd:ryzen_5700g:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5700ge_firmware>>cezannepi-fp6_1.0.0.8
cpe:2.3:o:amd:ryzen_5700ge_firmware:cezannepi-fp6_1.0.0.8:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5700ge>>-
cpe:2.3:h:amd:ryzen_5700ge:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5700x_firmware>>cezannepi-fp6_1.0.0.8
cpe:2.3:o:amd:ryzen_5700x_firmware:cezannepi-fp6_1.0.0.8:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5700x>>-
cpe:2.3:h:amd:ryzen_5700x:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5800_firmware>>cezannepi-fp6_1.0.0.8
cpe:2.3:o:amd:ryzen_5800_firmware:cezannepi-fp6_1.0.0.8:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5800>>-
cpe:2.3:h:amd:ryzen_5800:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5800x3d_firmware>>cezannepi-fp6_1.0.0.8
cpe:2.3:o:amd:ryzen_5800x3d_firmware:cezannepi-fp6_1.0.0.8:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5800x3d>>-
cpe:2.3:h:amd:ryzen_5800x3d:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5800x_firmware>>cezannepi-fp6_1.0.0.8
cpe:2.3:o:amd:ryzen_5800x_firmware:cezannepi-fp6_1.0.0.8:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5800x>>-
cpe:2.3:h:amd:ryzen_5800x:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5900_firmware>>cezannepi-fp6_1.0.0.8
cpe:2.3:o:amd:ryzen_5900_firmware:cezannepi-fp6_1.0.0.8:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5900>>-
cpe:2.3:h:amd:ryzen_5900:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5900x_firmware>>cezannepi-fp6_1.0.0.8
cpe:2.3:o:amd:ryzen_5900x_firmware:cezannepi-fp6_1.0.0.8:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5900x>>-
cpe:2.3:h:amd:ryzen_5900x:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5945wx_firmware>>cezannepi-fp6_1.0.0.8
cpe:2.3:o:amd:ryzen_5945wx_firmware:cezannepi-fp6_1.0.0.8:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5945wx>>-
cpe:2.3:h:amd:ryzen_5945wx:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5950x_firmware>>cezannepi-fp6_1.0.0.8
cpe:2.3:o:amd:ryzen_5950x_firmware:cezannepi-fp6_1.0.0.8:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5950x>>-
cpe:2.3:h:amd:ryzen_5950x:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5955wx_firmware>>cezannepi-fp6_1.0.0.8
cpe:2.3:o:amd:ryzen_5955wx_firmware:cezannepi-fp6_1.0.0.8:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5955wx>>-
cpe:2.3:h:amd:ryzen_5955wx:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5965wx_firmware>>cezannepi-fp6_1.0.0.8
cpe:2.3:o:amd:ryzen_5965wx_firmware:cezannepi-fp6_1.0.0.8:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5965wx>>-
cpe:2.3:h:amd:ryzen_5965wx:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5975wx_firmware>>cezannepi-fp6_1.0.0.8
cpe:2.3:o:amd:ryzen_5975wx_firmware:cezannepi-fp6_1.0.0.8:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5975wx>>-
cpe:2.3:h:amd:ryzen_5975wx:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5995wx_firmware>>cezannepi-fp6_1.0.0.8
cpe:2.3:o:amd:ryzen_5995wx_firmware:cezannepi-fp6_1.0.0.8:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_5995wx>>-
cpe:2.3:h:amd:ryzen_5995wx:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_3100_firmware>>comboam4pi_1.0.0.9
cpe:2.3:o:amd:ryzen_3100_firmware:comboam4pi_1.0.0.9:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_3100>>-
cpe:2.3:h:amd:ryzen_3100:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_3100_firmware>>comboam4v2_pi_1.2.0.5
cpe:2.3:o:amd:ryzen_3100_firmware:comboam4v2_pi_1.2.0.5:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_3100>>-
cpe:2.3:h:amd:ryzen_3100:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_3100_firmware>>comboam4v2_pi_1.2.0.8
cpe:2.3:o:amd:ryzen_3100_firmware:comboam4v2_pi_1.2.0.8:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_3100>>-
cpe:2.3:h:amd:ryzen_3100:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_3100_firmware>>picassopi-fp5_1.0.0.e
cpe:2.3:o:amd:ryzen_3100_firmware:picassopi-fp5_1.0.0.e:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>ryzen_3100>>-
cpe:2.3:h:amd:ryzen_3100:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primarynvd@nist.gov
CWE-125Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-125
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-125
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001psirt@amd.com
Vendor Advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001
Source: psirt@amd.com
Resource:
Vendor Advisory
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

524Records found
CVE-2021-46765
Matching Score-10
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-10
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.83%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 19:01
Updated-27 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-bounds memory reads within the ASP, potentially leading to a denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_6980hxryzen_5500_firmwareryzen_3800xryzen_3900xryzen_3900ryzen_5600gryzen_3500x_firmwareryzen_5600ryzen_5700xryzen_5800x3d_firmwareryzen_3500_firmwareryzen_3900_firmwareryzen_6980hsryzen_5975wx_firmwareryzen_5965wxryzen_5900x_firmwareryzen_6800u_firmwareryzen_5900xryzen_3500xryzen_5800ryzen_3600ryzen_6800hsryzen_3900xt_firmwareryzen_6600uryzen_5800x_firmwareryzen_3500ryzen_5500ryzen_5600geryzen_6800hs_firmwareryzen_5955wxryzen_5900ryzen_6800uryzen_6900hxryzen_5800_firmwareryzen_3600xryzen_5950xryzen_5600g_firmwareryzen_6900hsryzen_3300xryzen_3950x_firmwareryzen_3800x_firmwareryzen_5955wx_firmwareryzen_3900xtryzen_6800h_firmwareryzen_5600ge_firmwareryzen_5945wx_firmwareryzen_5700geryzen_3600xtryzen_5800xryzen_3600x_firmwareryzen_5995wx_firmwareryzen_3900x_firmwareryzen_6900hs_firmwareryzen_5700gryzen_6900hx_firmwareryzen_6600hryzen_5600xryzen_5700ge_firmwareryzen_5300g_firmwareryzen_5700x_firmwareryzen_5965wx_firmwareryzen_5300ge_firmwareryzen_5600_firmwareryzen_3950xryzen_5300geryzen_5600x_firmwareryzen_6980hx_firmwareryzen_3800xtryzen_6980hs_firmwareryzen_5950x_firmwareryzen_3800xt_firmwareryzen_6600hs_firmwareryzen_6600u_firmwareryzen_5995wxryzen_3100_firmwareryzen_3300x_firmwareryzen_6800hryzen_3600xt_firmwareryzen_5300gryzen_5700g_firmwareryzen_5945wxryzen_3600_firmwareryzen_3100ryzen_5800x3dryzen_6600h_firmwareryzen_5975wxryzen_5900_firmwareryzen_6600hsRyzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir” Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics “Cezanne” AM4Ryzen™ 6000 Series Mobile Processors "Rembrandt"Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics “Cezanne”Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-46794
Matching Score-10
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-10
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.16% / 36.97%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 19:01
Updated-28 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_2600xathlon_gold_3150geryzen_3600x_firmwareryzen_3800xryzen_1200_\(af\)_firmwareryzen_3300xryzen_5300geryzen_3600ryzen_5995wxryzen_2920x_firmwareryzen_5600ryzen_5955wxryzen_5800x_firmwareryzen_2700eryzen_2600_firmwareryzen_5500_firmwareryzen_5900ryzen_3600xryzen_2920xryzen_pro_2100ge_firmwareryzen_2970wx_firmwareryzen_3800x_firmwareryzen_3600xt_firmwareryzen_5700xryzen_5600xryzen_2300x_firmwareryzen_5300g_firmwareryzen_5700geryzen_2600e_firmwareryzen_2950xryzen_3900xt_firmwareryzen_2600ryzen_3600_firmwareryzen_2500xryzen_5600x_firmwareryzen_3900xtryzen_5945wx_firmwareryzen_2990wx_firmwareathlon_gold_3150g_firmwareryzen_5800_firmwareryzen_2990wxryzen_3100_firmwareryzen_3500_firmwareryzen_2500x_firmwareryzen_5300gryzen_2200geryzen_2200ge_firmwareryzen_3900ryzen_5975wxryzen_2200gryzen_2950x_firmwareryzen_2600eryzen_2700_firmwareryzen_5800ryzen_3800xt_firmwareryzen_5800xryzen_5800x3d_firmwareryzen_3300x_firmwareathlon_silver_3050geryzen_2970wxathlon_silver_3050ge_firmwareryzen_3800xtryzen_5500ryzen_2700x_firmwareryzen_3900xryzen_2600x_firmwareryzen_5955wx_firmwareryzen_3500ryzen_5300ge_firmwareryzen_2400ge_firmwareryzen_3950xryzen_5995wx_firmwareryzen_5950x_firmwareathlon_gold_3150gryzen_1200_\(af\)ryzen_5700g_firmwareryzen_5900_firmwareryzen_3600xtryzen_5600ge_firmwareryzen_5600gryzen_5950xryzen_2400gryzen_pro_2100geryzen_5600_firmwareryzen_2700xryzen_5965wx_firmwareryzen_5600g_firmwareryzen_2400geryzen_5945wxryzen_5965wxryzen_5700gryzen_5600geryzen_3900_firmwareryzen_2700ryzen_2200g_firmwareryzen_5900xryzen_3950x_firmwareryzen_5700ge_firmwareryzen_3100ryzen_1600_\(af\)ryzen_2300xryzen_1600_\(af\)_firmwareryzen_3500xryzen_3500x_firmwareryzen_2400g_firmwareryzen_5900x_firmwareryzen_5700x_firmwareryzen_5975wx_firmwareryzen_5800x3dryzen_3900x_firmwareryzen_2700e_firmwareathlon_gold_3150ge_firmwareRyzen™ 3000 Series Desktop Processors “Matisse” AM4Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”Ryzen™ Threadripper™ PRO Processors “Castle Peak” WSRyzen™ 2000 Series Mobile Processors “Raven Ridge” FP5Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics “Cezanne” AM4Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULPRyzen™ 2000 series Desktop Processors “Raven Ridge” AM4Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir” Ryzen™ Threadripper™ PRO Processors “Chagall” WSRyzen™ 5000 Series Mobile processors with Radeon™ Graphics “Cezanne”AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDTRyzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso”
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-20530
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.26%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 20:57
Updated-07 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7343_firmwareepyc_7543_firmwareepyc_7373xepyc_7453epyc_7743epyc_7413_firmwareepyc_73f3_firmwareepyc_7443epyc_7513epyc_7763_firmwareepyc_7373x_firmwareepyc_7573x_firmwareepyc_7543p_firmwareepyc_7663epyc_7773xepyc_72f3_firmwareepyc_7443p_firmwareepyc_7543epyc_7773x_firmwareepyc_7443pepyc_75f3epyc_7443_firmwareepyc_7313p_firmwareepyc_7313pepyc_7543pepyc_7003epyc_7313epyc_7003_firmwareepyc_7313_firmwareepyc_74f3epyc_7573xepyc_75f3_firmwareepyc_7663_firmwareepyc_7763epyc_7343epyc_7413epyc_7643epyc_7713p_firmwareepyc_7713pepyc_73f3epyc_7713_firmwareepyc_7453_firmwareepyc_7743_firmwareepyc_7643_firmwareepyc_7713epyc_72f3epyc_74f3_firmwareepyc_7513_firmware3rd Gen EPYC
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20529
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.42%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 20:57
Updated-07 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7702_firmwareepyc_7343_firmwareepyc_7453epyc_7702p_firmwareepyc_7413_firmwareepyc_7f52epyc_7302epyc_7232p_firmwareepyc_7302_firmwareepyc_7443epyc_7542epyc_7763_firmwareepyc_7513epyc_7373x_firmwareepyc_7352epyc_7573x_firmwareepyc_7f32epyc_7302p_firmwareepyc_7742epyc_7252epyc_7542_firmwareepyc_7262epyc_7773x_firmwareepyc_72f3_firmwareepyc_7443p_firmwareepyc_7402epyc_7702pepyc_7443pepyc_7h12_firmwareepyc_75f3epyc_7443_firmwareepyc_7642_firmwareepyc_7f32_firmwareepyc_7552_firmwareepyc_7313pepyc_7402pepyc_7543pepyc_7f72_firmwareepyc_7642epyc_7532epyc_7502p_firmwareepyc_7573xepyc_7272_firmwareepyc_7663_firmwareepyc_7763epyc_7413epyc_7643epyc_7502epyc_7h12epyc_7f72epyc_7743_firmwareepyc_7643_firmwareepyc_72f3epyc_7262_firmwareepyc_7352_firmwareepyc_74f3_firmwareepyc_7532_firmwareepyc_7502_firmwareepyc_7543_firmwareepyc_7402p_firmwareepyc_7373xepyc_7232pepyc_7282_firmwareepyc_7743epyc_7452epyc_7452_firmwareepyc_7302pepyc_73f3_firmwareepyc_7702epyc_7543p_firmwareepyc_7663epyc_7773xepyc_7543epyc_7f52_firmwareepyc_7313p_firmwareepyc_7662_firmwareepyc_7252_firmwareepyc_7002_firmwareepyc_7313epyc_7003epyc_7003_firmwareepyc_7002epyc_7313_firmwareepyc_7402_firmwareepyc_74f3epyc_75f3_firmwareepyc_7343epyc_7272epyc_7662epyc_7713p_firmwareepyc_7713pepyc_73f3epyc_7713_firmwareepyc_7453_firmwareepyc_7552epyc_7502pepyc_7713epyc_7742_firmwareepyc_7282epyc_7513_firmware3rd Gen EPYC2nd Gen EPYC
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-20522
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.26%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 20:56
Updated-07 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input validation in ASP may allow an attacker with a malicious BIOS to potentially cause a denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-milanpiromepimilanpi_firmwareromepi_firmware3rd Gen EPYC2nd Gen EPYC
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20533
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.03% / 7.50%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 18:52
Updated-02 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_9_5900xepyc_7543epyc_7502_firmwareepyc_7402epyc_7262_firmwareepyc_7282_firmwareepyc_7f32epyc_7272_firmwareepyc_7713pepyc_7573xepyc_7443epyc_7643pepyc_7513ryzen_9_3900xryzen_3_3100_firmwareryzen_9_5900x_firmwareepyc_7232p_firmwareepyc_7702epyc_7203_firmwareryzen_5_5600xryzen_9_5900_firmwareepyc_7453ryzen_5_3600xt_firmwareepyc_7373xepyc_7513_firmwareryzen_5_3600x_firmwareepyc_7542epyc_7303p_firmwareepyc_7413_firmwareepyc_7h12_firmwareryzen_threadripper_3960x_firmwareryzen_7_5800x3d_firmwareryzen_threadripper_3960xryzen_threadripper_pro_3975wxepyc_7643_firmwareepyc_7f52epyc_75f3epyc_7373x_firmwareepyc_7f32_firmwareryzen_3_3100epyc_7502epyc_7662_firmwareepyc_7f72_firmwareepyc_75f3_firmwareepyc_7473x_firmwareepyc_7343_firmwareepyc_7643p_firmwareepyc_7313pryzen_7_3800xt_firmwareepyc_7573x_firmwareryzen_3_3300xryzen_7_3700xepyc_7352epyc_7303pepyc_7713_firmwareepyc_7742ryzen_5_5500epyc_7272epyc_7203p_firmwareepyc_7713epyc_7443p_firmwareryzen_5_5600_firmwareryzen_7_5800xepyc_7773xryzen_threadripper_3990x_firmwareryzen_9_3900ryzen_5_5600x_firmwareryzen_9_3900_firmwareryzen_7_3700x_firmwareryzen_7_5800x3dryzen_9_5900ryzen_threadripper_3990xepyc_7742_firmwareryzen_7_5800ryzen_7_3800xryzen_9_5950xryzen_5_3600_firmwareryzen_5_5500_firmwareepyc_7663pepyc_7443_firmwareryzen_3_3300x_firmwareepyc_7402pepyc_7343epyc_7252_firmwareepyc_7543_firmwareryzen_9_3900xt_firmwareepyc_7542_firmwareepyc_7763_firmwareryzen_5_3600xtepyc_7313p_firmwareryzen_5_3500x_firmwareepyc_7252epyc_7502pryzen_9_3900xtepyc_7302p_firmwareepyc_7663p_firmwareryzen_5_3500xryzen_9_5950x_firmwareepyc_7642_firmwareepyc_7452epyc_7h12ryzen_7_5800x_firmwareepyc_7543p_firmwareepyc_7302ryzen_7_3800x_firmwareepyc_7232pryzen_threadripper_pro_3945wx_firmwareepyc_7663epyc_7203epyc_7552_firmwareepyc_7773x_firmwareryzen_5_3600xepyc_72f3_firmwareepyc_7f72epyc_7662ryzen_7_3800xtepyc_7642epyc_7473xryzen_9_3950x_firmwareepyc_7532_firmwareryzen_threadripper_pro_3995wxepyc_7502p_firmwareepyc_7413epyc_7313ryzen_7_5700x_firmwareepyc_7663_firmwareryzen_threadripper_pro_3955wxryzen_9_3900x_firmwareepyc_7303_firmwareepyc_7552epyc_7302pepyc_7702p_firmwareepyc_74f3_firmwareryzen_5_3500_firmwareepyc_7302_firmwareepyc_7763ryzen_threadripper_pro_3955wx_firmwareryzen_7_5800_firmwareepyc_7402_firmwareepyc_7713p_firmwareepyc_73f3_firmwareepyc_7702pryzen_threadripper_pro_3995wx_firmwareepyc_7f52_firmwareepyc_7262epyc_7203pepyc_72f3epyc_7643epyc_7402p_firmwareepyc_7452_firmwareryzen_9_3950xryzen_5_5600ryzen_threadripper_3970xryzen_5_3500epyc_7543pepyc_7313_firmwareepyc_7443pryzen_threadripper_pro_3945wxryzen_5_3600ryzen_threadripper_3970x_firmwareepyc_7453_firmwareryzen_threadripper_pro_3975wx_firmwareepyc_7282epyc_7303epyc_7702_firmwareepyc_7352_firmwareepyc_74f3epyc_7532ryzen_7_5700xepyc_73f3AMD EPYC™ Embedded 7002AMD Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDTAMD Ryzen™ 5000 Series Desktop Processors “Vermeer”AMD EPYC™ Embedded 7003AMD Ryzen™ Embedded 5000AMD EPYC™ Embedded 70033rd Gen AMD EPYC™ ProcessorsAMD Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS2nd Gen AMD EPYC™ ProcessorsAMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3AMD EPYC™ Embedded 7002Ryzen™ 3000 series Desktop Processors “Matisse"
CVE-2023-20531
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.42%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 20:57
Updated-07 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7702_firmwareepyc_7343_firmwareepyc_7453epyc_7702p_firmwareepyc_7413_firmwareepyc_7f52epyc_7302epyc_7232p_firmwareepyc_7302_firmwareepyc_7443epyc_7542epyc_7763_firmwareepyc_7513epyc_7373x_firmwareepyc_7352epyc_7573x_firmwareepyc_7f32epyc_7302p_firmwareepyc_7742epyc_7252epyc_7542_firmwareepyc_7262epyc_7773x_firmwareepyc_72f3_firmwareepyc_7443p_firmwareepyc_7402epyc_7702pepyc_7443pepyc_7h12_firmwareepyc_75f3epyc_7443_firmwareepyc_7642_firmwareepyc_7f32_firmwareepyc_7552_firmwareepyc_7313pepyc_7402pepyc_7543pepyc_7f72_firmwareepyc_7642epyc_7532epyc_7502p_firmwareepyc_7573xepyc_7272_firmwareepyc_7663_firmwareepyc_7763epyc_7413epyc_7643epyc_7502epyc_7h12epyc_7f72epyc_7743_firmwareepyc_7643_firmwareepyc_72f3epyc_7262_firmwareepyc_7352_firmwareepyc_74f3_firmwareepyc_7532_firmwareepyc_7502_firmwareepyc_7543_firmwareepyc_7402p_firmwareepyc_7373xepyc_7232pepyc_7282_firmwareepyc_7743epyc_7452epyc_7452_firmwareepyc_7302pepyc_73f3_firmwareepyc_7702epyc_7543p_firmwareepyc_7663epyc_7773xepyc_7543epyc_7f52_firmwareepyc_7313p_firmwareepyc_7662_firmwareepyc_7252_firmwareepyc_7002_firmwareepyc_7313epyc_7003epyc_7003_firmwareepyc_7002epyc_7313_firmwareepyc_7402_firmwareepyc_74f3epyc_75f3_firmwareepyc_7343epyc_7272epyc_7662epyc_7713p_firmwareepyc_7713pepyc_73f3epyc_7713_firmwareepyc_7453_firmwareepyc_7552epyc_7502pepyc_7713epyc_7742_firmwareepyc_7282epyc_7513_firmware3rd Gen EPYC2nd Gen EPYC
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-26406
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.54%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 18:59
Updated-28 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application can lead to a host crash potentially resulting in denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7301_firmwareepyc_7451_firmwareepyc_7552_firmwareepyc_7451epyc_7282_firmwareepyc_7742_firmwareepyc_7371epyc_7f72_firmwareepyc_7532epyc_7702p_firmwareepyc_7551epyc_7h12epyc_7301epyc_7401epyc_7f52epyc_7f32epyc_7402pepyc_7552epyc_7261_firmwareepyc_7571_firmwareepyc_7252epyc_7402_firmwareepyc_7351_firmwareepyc_7642_firmwareepyc_7262_firmwareepyc_7351epyc_7542epyc_7642epyc_7272_firmwareepyc_7501epyc_7302epyc_7f32_firmwareepyc_7401p_firmwareepyc_7252_firmwareepyc_7352epyc_7401_firmwareepyc_7662epyc_7232pepyc_7532_firmwareepyc_7351p_firmwareepyc_7551pepyc_7501_firmwareepyc_7302_firmwareepyc_7702_firmwareepyc_7742epyc_7f52_firmwareepyc_7502epyc_7452epyc_7601_firmwareepyc_7302pepyc_7502_firmwareepyc_7402p_firmwareepyc_7251epyc_7402epyc_7551_firmwareepyc_7232p_firmwareepyc_7302p_firmwareepyc_7261epyc_7551p_firmwareepyc_7352_firmwareepyc_7281epyc_7502p_firmwareepyc_7371_firmwareepyc_7281_firmwareepyc_7571epyc_7702epyc_7702pepyc_7251_firmwareepyc_7351pepyc_7502pepyc_7h12_firmwareepyc_7452_firmwareepyc_7401pepyc_7282epyc_7272epyc_7662_firmwareepyc_7542_firmwareepyc_7f72epyc_7601epyc_7262Ryzen™ 3000 Series Desktop Processors “Matisse” AM4Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”Ryzen™ 2000 Series Desktop Processors “Pinnacle Ridge”Ryzen™ Threadripper™ PRO Processors “Castle Peak” WSRyzen™ 2000 Series Mobile Processors “Raven Ridge” FP52nd Gen AMD Ryzen™ Threadripper™ Processors “Colfax”1st Gen AMD EPYC™ Processors2nd Gen AMD EPYC™ ProcessorsAthlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULPRyzen™ 2000 series Desktop Processors “Raven Ridge” AM4AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM43rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDTRyzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso”
CVE-2021-26338
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.95%
||
7 Day CHG~0.00%
Published-16 Nov, 2021 | 17:53
Updated-17 Sep, 2024 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access controls in System Management Unit (SMU) may allow for an attacker to override performance control tables located in DRAM resulting in a potential lack of system resources.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7502_firmwareepyc_7402epyc_7262_firmwareepyc_7443_firmwareepyc_7402pepyc_7343epyc_7252_firmwareepyc_7543_firmwareepyc_7282_firmwareepyc_7542_firmwareepyc_7f32epyc_7763_firmwareepyc_7272_firmwareepyc_7713pepyc_7443epyc_7513epyc_7313p_firmwareepyc_7252epyc_7502pepyc_7232p_firmwareepyc_7702epyc_7302p_firmwareepyc_7453epyc_7642_firmwareepyc_7h12epyc_7452epyc_7513_firmwareepyc_7543p_firmwareepyc_7542epyc_7302epyc_7413_firmwareepyc_7h12_firmwareepyc_7232pepyc_7643_firmwareepyc_7f52epyc_7663epyc_7552_firmwareepyc_75f3epyc_72f3_firmwareepyc_7f72epyc_7f32_firmwareepyc_7662epyc_7f72_firmwareepyc_7662_firmwareepyc_7502epyc_75f3_firmwareepyc_7642epyc_7343_firmwareepyc_7532_firmwareepyc_7502p_firmwareepyc_7413epyc_7313pepyc_7313epyc_7663_firmwareepyc_7552epyc_7302pepyc_7702p_firmwareepyc_74f3_firmwareepyc_7352epyc_7302_firmwareepyc_7763epyc_7713_firmwareepyc_7402_firmwareepyc_7742epyc_7713p_firmwareepyc_7272epyc_73f3_firmwareepyc_7702pepyc_7f52_firmwareepyc_7262epyc_7713epyc_7443p_firmwareepyc_72f3epyc_7643epyc_7452_firmwareepyc_7402p_firmwareepyc_7543pepyc_7313_firmwareepyc_7443pepyc_7742_firmwareepyc_7453_firmwareepyc_7282epyc_7702_firmwareepyc_7352_firmwareepyc_74f3epyc_7532epyc_73f32nd Gen AMD EPYC™3rd Gen AMD EPYC™
CWE ID-CWE-284
Improper Access Control
CVE-2023-31320
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-6.64% / 90.82%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 18:51
Updated-02 Aug, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the AMD RadeonTM Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-radeon_pro_w5500xradeon_rx_vega_64radeon_pro_w7600radeon_rx_6500mradeon_rx_6600radeon_pro_vega_56_firmwareryzen_3_5300uradeon_rx_6900_xtradeon_rx_7900mryzen_5_5600gradeon_rx_7900_xtradeon_rx_5300ryzen_7_4700geryzen_7_4800hradeon_rx_vega_56radeon_pro_w6400radeon_rx_5500ryzen_5_5500hradeon_rx_7900_greradeon_pro_w5700ryzen_9_4900hryzen_3_5300geryzen_5_5600geradeon_rx_6550mryzen_7_4800hsradeon_rx_5300_xtryzen_3_3015ceryzen_5_pro_3400gradeon_rx_7800_xtradeon_rx_6700sryzen_7_4700gryzen_7_5700geryzen_3_3015eryzen_3_4300gradeon_rx_6600_xtradeon_rx_6850m_xtradeon_rx_6650_xtradeon_pro_vega_56ryzen_5_pro_3350geradeon_rx_5700mradeon_pro_w6600mradeon_pro_w6600xradeon_pro_w6600radeon_rx_5700radeon_rx_5700_xtradeon_rx_6800_xtradeon_pro_w7500radeon_rx_7600mradeon_rx_5500mradeon_pro_w6900xradeon_rx_5300mradeon_rx_6500_xtradeon_pro_w6800radeon_pro_vega_64radeon_rx_6600mradeon_rx_6550sryzen_3_4100ryzen_9_4900hsradeon_pro_w5700xradeon_rx_6950_xtryzen_7_5700gryzen_5_4600hsradeon_rx_5500_xtryzen_5_pro_3200gradeon_pro_w7800radeon_rx_7700sryzen_5_pro_3200geryzen_5_4600gradeon_rx_6300mradeon_rx_7600radeon_rx_6450mradeon_rx_5600mradeon_rx_6800mradeon_softwareryzen_5_4600geradeon_rx_vega_56_firmwareradeon_rx_vega_64_firmwareryzen_5_4500uradeon_rx_6700radeon_pro_w6800x_duoradeon_pro_w6300radeon_rx_6400ryzen_3_4300uradeon_rx_6650mradeon_rx_6650m_xtradeon_rx_6800radeon_rx_6700_xtradeon_rx_6700mryzen_7_4980uryzen_5_pro_3350gryzen_3_5300gryzen_5_pro_3400geradeon_pro_w5500radeon_rx_5600radeon_pro_w6800xradeon_rx_5600_xtryzen_3_4300geryzen_5_4680uryzen_5_5500uradeon_pro_w6500mradeon_rx_7600sradeon_rx_7600m_xtradeon_pro_vega_64_firmwareryzen_7_4700uradeon_rx_6600sradeon_rx_7700_xtryzen_5_4600uradeon_rx_7900_xtxradeon_rx_6800sradeon_pro_w6300mryzen_7_5700uryzen_5_4600hryzen_5_4500Radeon™ PRO W5000/W6000/W7000 Series Graphics CardsRadeon™ RX Vega Series Graphics CardsRadeon™ RX 5000/6000/7000 Series Graphics Cards Radeon™ PRO WX Vega Series Graphics Cards
CWE ID-CWE-20
Improper Input Validation
CVE-2022-23831
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.20% / 42.52%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 20:45
Updated-01 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service.

Action-Not Available
Vendor-FreeBSD FoundationLinux Kernel Organization, IncMicrosoft CorporationAdvanced Micro Devices, Inc.
Product-amd_uprofwindowsfreebsdlinux_kernelAMD μProf
CWE ID-CWE-20
Improper Input Validation
CVE-2022-27674
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.08% / 25.31%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 20:45
Updated-01 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service.

Action-Not Available
Vendor-FreeBSD FoundationLinux Kernel Organization, IncMicrosoft CorporationAdvanced Micro Devices, Inc.
Product-amd_uprofwindowsfreebsdlinux_kernelAMD μProf
CWE ID-CWE-20
Improper Input Validation
CVE-2021-46755
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.14%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 19:00
Updated-28 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Failure to unmap certain SysHub mappings in error paths of the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a potential denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_3600x_firmwareryzen_3300xryzen_3800xryzen_3800xt_firmwareryzen_5800xryzen_5800x3d_firmwareryzen_3300x_firmwareryzen_3600ryzen_3800xtryzen_5500ryzen_3900xryzen_5600ryzen_3500ryzen_3950xryzen_5800x_firmwareryzen_5950x_firmwareryzen_5700g_firmwareryzen_5500_firmwareryzen_3600xtryzen_3600xryzen_5600gryzen_3800x_firmwareryzen_5950xryzen_3600xt_firmwareryzen_5700xryzen_5600xryzen_5600_firmwareryzen_5600g_firmwareryzen_5700gryzen_3900_firmwareryzen_3900xt_firmwareryzen_3600_firmwareryzen_5900xryzen_3950x_firmwareryzen_5600x_firmwareryzen_3900xtryzen_3100ryzen_3500xryzen_3100_firmwareryzen_3500_firmwareryzen_3500x_firmwareryzen_5900x_firmwareryzen_5700x_firmwareryzen_5800x3dryzen_3900x_firmwareryzen_3900Ryzen™ 3000 Series Desktop Processors “Matisse” AM4Ryzen™ Threadripper™ PRO Processors “Castle Peak” WSRyzen™ 5000 Series Desktop processor with Radeon™ Graphics “Cezanne” AM4Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir” Ryzen™ Threadripper™ PRO Processors “Chagall” WSAMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDTRyzen™ 5000 Series Mobile processors with Radeon™ Graphics “Cezanne”
CVE-2021-46764
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.83%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 18:36
Updated-28 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation of DRAM addresses in SMU may allow an attacker to overwrite sensitive memory locations within the ASP potentially resulting in a denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_72f3_firmwareepyc_7443pepyc_7552_firmwareepyc_7282_firmwareepyc_7742_firmwareepyc_7773xepyc_7f72_firmwareepyc_7413epyc_7532epyc_7313p_firmwareepyc_7702p_firmwareepyc_7663epyc_7h12epyc_7453epyc_73f3_firmwareepyc_7f52epyc_7543_firmwareepyc_7f32epyc_7402pepyc_7552epyc_73f3epyc_74f3_firmwareepyc_7252epyc_7402_firmwareepyc_7642_firmwareepyc_75f3_firmwareepyc_7262_firmwareepyc_7343epyc_7542epyc_7642epyc_7443_firmwareepyc_7272_firmwareepyc_7302epyc_7f32_firmwareepyc_7763_firmwareepyc_7573x_firmwareepyc_7252_firmwareepyc_7473x_firmwareepyc_7352epyc_7643_firmwareepyc_7662epyc_7473xepyc_7232pepyc_7532_firmwareepyc_7453_firmwareepyc_7713p_firmwareepyc_7302_firmwareepyc_7702_firmwareepyc_7742epyc_72f3epyc_7f52_firmwareepyc_7543pepyc_7502epyc_7452epyc_7513epyc_7302pepyc_7763epyc_7413_firmwareepyc_74f3epyc_7502_firmwareepyc_7402p_firmwareepyc_7713pepyc_7402epyc_7643epyc_7313epyc_7232p_firmwareepyc_7443epyc_7302p_firmwareepyc_7663_firmwareepyc_7352_firmwareepyc_7543epyc_7502p_firmwareepyc_7713_firmwareepyc_7713epyc_7702epyc_7702pepyc_75f3epyc_7313pepyc_7773x_firmwareepyc_7313_firmwareepyc_7573xepyc_7502pepyc_7h12_firmwareepyc_7452_firmwareepyc_7543p_firmwareepyc_7282epyc_7272epyc_7513_firmwareepyc_7373xepyc_7662_firmwareepyc_7542_firmwareepyc_7f72epyc_7343_firmwareepyc_7443p_firmwareepyc_7373x_firmwareepyc_72623rd Gen AMD EPYC™ 2nd Gen AMD EPYC™
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-46774
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.06%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 18:52
Updated-11 Oct, 2024 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_9_5900xepyc_7543epyc_7402epyc_9354pepyc_7f32ryzen_9_3950xtepyc_7713pepyc_7443epyc_7513ryzen_9_5900x_firmwareepyc_7203_firmwareepyc_7453epyc_8224pepyc_9334_firmwareepyc_9454p_firmwareepyc_7542epyc_7303p_firmwareepyc_9454epyc_8024pn_firmwareepyc_7281_firmwareepyc_7413_firmwareepyc_9534_firmwareepyc_9754_firmwareryzen_7_5800x3d_firmwareryzen_threadripper_3960x_firmwareryzen_7_3700xtryzen_threadripper_pro_3975wxepyc_8024pnepyc_7643_firmwareepyc_7f52epyc_9274f_firmwareepyc_7373x_firmwareepyc_7f32_firmwareepyc_7001_firmwareepyc_75f3_firmwareepyc_7473x_firmwareepyc_8024pepyc_8434pepyc_7281epyc_9634_firmwareepyc_7643p_firmwareepyc_7551p_firmwareryzen_9_3950xt_firmwareepyc_7601_firmwareepyc_7573x_firmwareepyc_7303pepyc_7401ryzen_5_5500epyc_7713ryzen_5_5600_firmwareryzen_threadripper_3990x_firmwareryzen_5_5600x_firmwareryzen_9_3900_firmwareryzen_7_5800x3depyc_8324pn_firmwareryzen_threadripper_3990xepyc_9634epyc_9554p_firmwareepyc_8324p_firmwareepyc_8024p_firmwareryzen_7_5800epyc_7501ryzen_9_5950xryzen_5_3600_firmwareryzen_5_5500_firmwareepyc_8124p_firmwareepyc_7663pepyc_7443_firmwareryzen_3_3300x_firmwareepyc_7402pepyc_7343epyc_7252_firmwareepyc_7543_firmwareepyc_7542_firmwareepyc_9274fepyc_9734epyc_9454pepyc_9734_firmwareepyc_7313p_firmwareryzen_5_3500x_firmwareepyc_7252epyc_7502pepyc_7351p_firmwareepyc_9124epyc_9374f_firmwareepyc_7601ryzen_7_3800x_firmwareepyc_8534pnryzen_threadripper_pro_3945wx_firmwareepyc_7203epyc_72f3_firmwareepyc_8224p_firmwareepyc_9174fepyc_7662epyc_7642epyc_8534pepyc_7502p_firmwareepyc_7413epyc_9654_firmwareepyc_9384xepyc_7313ryzen_7_5700x_firmwareepyc_7663_firmwareryzen_threadripper_pro_3955wxryzen_9_3900x_firmwareepyc_7351_firmwareepyc_7251epyc_7302pepyc_74f3_firmwareepyc_9654pryzen_5_3500_firmwareepyc_7763epyc_9454_firmwareryzen_threadripper_pro_3955wx_firmwareryzen_7_5800_firmwareepyc_9374fepyc_7402_firmwareepyc_7713p_firmwareryzen_threadripper_pro_3995wx_firmwareryzen_threadripper_pro_3795wx_firmwareepyc_7f52_firmwareepyc_9334epyc_7203pepyc_7251_firmwareepyc_7401_firmwareepyc_7402p_firmwareryzen_5_5600ryzen_threadripper_3970xepyc_7351epyc_8434pnepyc_7543pepyc_8324pnryzen_threadripper_3970x_firmwareepyc_7453_firmwareryzen_threadripper_pro_3975wx_firmwareepyc_9554epyc_7502_firmwareepyc_7262_firmwareepyc_7371_firmwareepyc_9254_firmwareepyc_7261epyc_7451epyc_7282_firmwareepyc_7551_firmwareepyc_7272_firmwareepyc_7573xryzen_3_3100_firmwareepyc_7643pepyc_9684x_firmwareryzen_9_3900xryzen_7_3700xt_firmwareepyc_7232p_firmwareepyc_9534epyc_7702ryzen_5_5600xryzen_9_5900_firmwareryzen_5_3600xt_firmwareepyc_7373xepyc_7513_firmwareepyc_8124pn_firmwareryzen_5_3600x_firmwareepyc_7h12_firmwareepyc_9384x_firmwareryzen_threadripper_3960xepyc_75f3epyc_7001ryzen_3_3100epyc_7502epyc_7662_firmwareepyc_7f72_firmwareepyc_9184x_firmwareepyc_7343_firmwareepyc_9754s_firmwareepyc_7551epyc_8434p_firmwareepyc_9174f_firmwareepyc_7551pepyc_7313pepyc_9124_firmwareryzen_7_3800xt_firmwareryzen_3_3300xepyc_7352epyc_7713_firmwareepyc_8224pnepyc_7742epyc_7272epyc_9254epyc_7203p_firmwareepyc_9474f_firmwareepyc_7443p_firmwareryzen_7_5800xepyc_7773xryzen_9_3900epyc_8124pryzen_9_5900epyc_7261_firmwareepyc_7742_firmwareryzen_threadripper_pro_3795wxryzen_7_3800xepyc_7501_firmwareepyc_7301_firmwareepyc_7763_firmwareepyc_8534p_firmwareryzen_5_3600xtepyc_8124pnepyc_7302p_firmwareepyc_7663p_firmwareepyc_9354ryzen_5_3500xryzen_9_5950x_firmwareepyc_7642_firmwareepyc_7452epyc_7h12ryzen_7_5800x_firmwareepyc_7543p_firmwareepyc_7401pepyc_9554_firmwareepyc_7302epyc_7232pepyc_7663epyc_7552_firmwareepyc_7773x_firmwareryzen_5_3600xepyc_7371epyc_7f72ryzen_7_3800xtepyc_7473xepyc_8534pn_firmwareepyc_7451_firmwareepyc_9754ryzen_9_3950x_firmwareepyc_7532_firmwareryzen_threadripper_pro_3995wxepyc_7301epyc_7401p_firmwareepyc_9554pepyc_9654epyc_9684xepyc_7351pepyc_9474fepyc_7303_firmwareepyc_9754sepyc_7552epyc_7702p_firmwareepyc_7302_firmwareepyc_73f3_firmwareepyc_7702pepyc_9654p_firmwareepyc_7262epyc_8434pn_firmwareepyc_8324pepyc_72f3epyc_7643epyc_9354_firmwareepyc_7452_firmwareryzen_9_3950xepyc_9354p_firmwareepyc_9224_firmwareryzen_5_3500epyc_7313_firmwareepyc_8224pn_firmwareepyc_7443pryzen_threadripper_pro_3945wxepyc_9184xryzen_5_3600epyc_7282epyc_9224epyc_7303epyc_7702_firmwareepyc_7352_firmwareepyc_74f3epyc_7532ryzen_7_5700xepyc_73f34th Gen AMD EPYC™ ProcessorsAMD EPYC™ Embedded 3000AMD Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDTAMD Ryzen™ 5000 Series Desktop Processors “Vermeer”AMD Ryzen™ Embedded 5000AMD EPYC™ Embedded 70033rd Gen AMD EPYC™ ProcessorsAMD Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS2nd Gen AMD EPYC™ ProcessorsAMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3AMD EPYC™ Embedded 70021st Gen AMD EPYC™ ProcessorsRyzen™ 3000 series Desktop Processors “Matisse"
CVE-2020-12988
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.30% / 52.47%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 21:50
Updated-16 Sep, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential denial of service (DoS) vulnerability exists in the integrated chipset that may allow a malicious attacker to hang the system when it is rebooted.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7502_firmwareepyc_7402epyc_7262_firmwareepyc_7371_firmwareepyc_7443_firmwareepyc_7402pepyc_7261epyc_7451epyc_7282_firmwareepyc_7343epyc_7252_firmwareepyc_7543_firmwareepyc_7f32epyc_7542_firmwareepyc_7551_firmwareepyc_7763_firmwareepyc_7272_firmwareepyc_7713pepyc_7443epyc_7513epyc_7313p_firmwareepyc_7252epyc_7502pepyc_7232p_firmwareepyc_7702epyc_7302p_firmwareepyc_7351p_firmwareepyc_7453epyc_7642_firmwareepyc_7452epyc_7h12epyc_7513_firmwareepyc_7543p_firmwareepyc_7542epyc_7401pepyc_7281_firmwareepyc_7413_firmwareepyc_7h12_firmwareepyc_7302epyc_7601epyc_7232pepyc_7002epyc_7643_firmwareepyc_7f52epyc_7663epyc_7552_firmwareepyc_75f3epyc_72f3_firmwareepyc_7371epyc_7001epyc_7f72epyc_7f32_firmwareepyc_7662epyc_7502epyc_7001_firmwareepyc_75f3_firmwareepyc_7662_firmwareepyc_7f72_firmwareepyc_7642epyc_7451_firmwareepyc_7343_firmwareepyc_7532_firmwareepyc_7281epyc_7551epyc_7502p_firmwareepyc_7413epyc_7301epyc_7551pepyc_7313pepyc_7401p_firmwareepyc_7002_firmwareepyc_7313epyc_7351pepyc_7551p_firmwareepyc_7663_firmwareepyc_7601_firmwareepyc_7351_firmwareepyc_7251epyc_7532epyc_7552epyc_7302pepyc_7702p_firmwareepyc_74f3_firmwareepyc_7352epyc_7302_firmwareepyc_7763epyc_7401epyc_7713_firmwareepyc_7402_firmwareepyc_7742epyc_7713p_firmwareepyc_7272epyc_73f3_firmwareepyc_7702pepyc_7f52_firmwareepyc_7262epyc_7713epyc_7003_firmwareepyc_7443p_firmwareepyc_7003epyc_7251_firmwareepyc_7401_firmwareepyc_72f3epyc_7643epyc_7402p_firmwareepyc_7452_firmwareepyc_7351epyc_7261_firmwareepyc_7313_firmwareepyc_7543pepyc_7443pepyc_7742_firmwareepyc_7453_firmwareepyc_7282epyc_7501epyc_7501_firmwareepyc_7702_firmwareepyc_7352_firmwareepyc_74f3epyc_7301_firmwareepyc_73f31st/2nd/3rd Gen AMD EPYC™ Processors
CVE-2023-20509
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.2||MEDIUM
EPSS-0.03% / 5.89%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 16:52
Updated-04 Nov, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insufficient DRAM address validation in PMFW may allow a privileged attacker to perform a DMA read from an invalid DRAM address to SRAM, potentially resulting in loss of data integrity.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-AMD Radeon™ RX 7000 Series Graphics CardsAMD Radeon™ PRO W6000 Series Graphics CardsAMD Radeon™ PRO W7000 Series Graphics CardsAMD Radeon™ RX 6000 Series Graphics Cards
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-26384
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.14% / 33.98%
||
7 Day CHG-0.01%
Published-14 Jul, 2022 | 19:28
Updated-16 Sep, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_3_3200u_firmwareryzen_5_2700x_firmwareryzen_3_3450uryzen_5_5600hathlon_silver_3050u_firmwareryzen_3_3300uryzen_3_3550hryzen_5_5600gryzen_3_5425cryzen_3_5425u_firmwareryzen_5_5600uryzen_5_2500uryzen_9_5980hxryzen_3_3750hryzen_3_2300u_firmwareryzen_7_5800hsryzen_9_5900hx_firmwareryzen_5_5600hsryzen_3_5300geryzen_3_2300uryzen_5_5600geryzen_7_5825uryzen_5_2600xryzen_7_5825u_firmwareryzen_3_3550h_firmwareryzen_3_5300ge_firmwareryzen_5_5625uryzen_7_2700u_firmwareryzen_7_5700geryzen_5_2700ryzen_3_3780u_firmwareryzen_3_5125cryzen_7_2800h_firmwareryzen_5_2700_firmwareryzen_3_3500u_firmwareryzen_3_3700cryzen_5_5560uryzen_9_5900hs_firmwareryzen_5_5600u_firmwareryzen_5_2500u_firmwareryzen_7_5700g_firmwareryzen_3_2200u_firmwareryzen_9_5900hsryzen_3_2200uryzen_7_2700xryzen_3_3500cryzen_3_3500uryzen_7_5700gryzen_9_5980hsryzen_3_5300g_firmwareryzen_3_5125c_firmwareryzen_7_5800u_firmwareryzen_3_3200uryzen_7_5825c_firmwareryzen_5_2600ryzen_7_5800h_firmwareryzen_7_2700ryzen_7_2700x_firmwareryzen_5_5625c_firmwareryzen_3_3580u_firmwareathlon_silver_3050uryzen_3_3700u_firmwareryzen_5_2600hryzen_5_5625cryzen_3_5425uryzen_9_5980hx_firmwareryzen_5_5560u_firmwareryzen_7_2700uryzen_3_3750h_firmwareryzen_3_5400uryzen_3_3580uryzen_7_5825cryzen_3_3500c_firmwareryzen_7_5800uryzen_7_2800hryzen_5_2600h_firmwareryzen_3_3700uryzen_9_5900hxryzen_3_3700c_firmwareryzen_3_3250uryzen_5_5600g_firmwareryzen_9_5980hs_firmwareryzen_5_2600x_firmwareryzen_3_5300gathlon_gold_3150u_firmwareryzen_5_5600ge_firmwareryzen_5_5600hs_firmwareryzen_7_2700_firmwareryzen_3_5425c_firmwareathlon_gold_3150uryzen_5_5600h_firmwareryzen_3_3350u_firmwareryzen_5_2700xryzen_7_5800hryzen_3_5400u_firmwareryzen_5_2600_firmwareryzen_3_3780uryzen_3_3250u_firmwareryzen_3_3300u_firmwareryzen_3_3450u_firmwareryzen_7_5800hs_firmwareryzen_5_5625u_firmwareryzen_7_5700ge_firmwareryzen_3_3350uAthlon™ SeriesRyzen™ Series
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-12904
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.62%
||
7 Day CHG~0.00%
Published-15 Nov, 2021 | 15:12
Updated-16 Sep, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary information disclosure.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.Microsoft Corporation
Product-radeon_softwarewindows_10AMD Radeon Software
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-26388
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.28%
||
7 Day CHG+0.01%
Published-11 May, 2022 | 16:29
Updated-16 Sep, 2024 | 23:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_9_5900xepyc_7502_firmwareepyc_7402epyc_7262_firmwareepyc_7282_firmwareepyc_7f32epyc_7272_firmwareepyc_7713pepyc_7573xryzen_3_3100_firmwareepyc_7513ryzen_threadripper_2950x_firmwareryzen_9_5900x_firmwareryzen_5_2500uepyc_7232p_firmwareryzen_9_5980hxepyc_7702ryzen_7_5800hsryzen_threadripper_pro_5955wx_firmwareryzen_5_5600xryzen_threadripper_pro_5995wxepyc_7453ryzen_5_5600hsryzen_3_2300uepyc_7373xryzen_7_5825uepyc_7513_firmwareryzen_7_5825u_firmwareepyc_7542epyc_7413_firmwareryzen_threadripper_3960x_firmwareryzen_7_5800x3d_firmwareryzen_threadripper_3960xryzen_threadripper_2950xryzen_5_2700_firmwareryzen_threadripper_pro_3975wxepyc_7643_firmwareryzen_threadripper_1950x_firmwareryzen_5_5560uepyc_7f52epyc_75f3ryzen_threadripper_pro_5945wxepyc_7373x_firmwareryzen_5_2500u_firmwareepyc_7f32_firmwareryzen_3_3100epyc_7502epyc_7662_firmwareepyc_7f72_firmwareepyc_75f3_firmwareepyc_7473x_firmwareepyc_7343_firmwareryzen_7_5700u_firmwareryzen_3_2200u_firmwareryzen_threadripper_1900x_firmwareryzen_9_5900hsryzen_3_2200uepyc_7313pryzen_7_5700gryzen_threadripper_2920xryzen_9_5980hsryzen_3_5125c_firmwareepyc_7573x_firmwareryzen_5_5500u_firmwareryzen_7_2700x_firmwareryzen_7_2700ryzen_threadripper_pro_5965wx_firmwareryzen_3_3300xryzen_7_5800h_firmwareepyc_7352ryzen_5_2600hepyc_7713_firmwareepyc_7742ryzen_5_5500epyc_7272ryzen_7_2700uryzen_3_5400uepyc_7713epyc_7443p_firmwareryzen_5_5600_firmwareryzen_7_5800xryzen_7_2800hepyc_7773xryzen_threadripper_3990x_firmwareryzen_5_2600x_firmwareryzen_5_5600x_firmwareryzen_7_5800x3dryzen_9_5980hs_firmwareryzen_threadripper_3990xryzen_5_5600hs_firmwareryzen_7_2700_firmwareryzen_5_5600h_firmwareryzen_threadripper_pro_5955wxryzen_5_5500uryzen_3_5400u_firmwareepyc_7742_firmwareryzen_9_5950xryzen_5_5500_firmwareryzen_threadripper_2990wx_firmwareryzen_3_3200u_firmwareryzen_3_3300x_firmwareepyc_7402pepyc_7343ryzen_5_5600hepyc_7252_firmwareryzen_threadripper_1920x_firmwareryzen_3_5300u_firmwareepyc_7542_firmwareepyc_7763_firmwareryzen_3_5300uryzen_threadripper_pro_5945wx_firmwareryzen_5_5600gryzen_3_5425u_firmwareepyc_7313p_firmwareepyc_7252epyc_7502pryzen_threadripper_1900xryzen_5_5600uryzen_threadripper_pro_5975wxepyc_7302p_firmwareryzen_3_2300u_firmwareryzen_9_5900hx_firmwareryzen_9_5950x_firmwareepyc_7642_firmwareryzen_threadripper_2970wxepyc_7452ryzen_7_5800x_firmwareepyc_7543p_firmwareryzen_5_2600xryzen_7_2700u_firmwareryzen_5_5625uryzen_threadripper_2920x_firmwareepyc_7302ryzen_5_2700ryzen_7_5700uryzen_3_5125cryzen_7_2800h_firmwareepyc_7232pryzen_threadripper_1950xryzen_threadripper_pro_3945wx_firmwareryzen_9_5900hs_firmwareepyc_7663ryzen_5_5600u_firmwareepyc_7552_firmwareepyc_7773x_firmwareepyc_72f3_firmwareepyc_7f72epyc_7662ryzen_7_5700g_firmwareepyc_7642epyc_7473xryzen_threadripper_2970wx_firmwareryzen_threadripper_pro_5975wx_firmwareepyc_7532_firmwareryzen_threadripper_pro_3995wxepyc_7502p_firmwareepyc_7413ryzen_7_2700xryzen_7_5700x_firmwareepyc_7663_firmwareryzen_threadripper_pro_3955wxryzen_7_5800u_firmwareryzen_3_3200uepyc_7552epyc_7302pepyc_7702p_firmwareryzen_3_3300epyc_74f3_firmwareryzen_3_5425uepyc_7302_firmwareepyc_7763ryzen_threadripper_pro_3955wx_firmwareryzen_5_5560u_firmwareepyc_7402_firmwareryzen_9_5980hx_firmwareepyc_7713p_firmwareryzen_threadripper_1920xepyc_73f3_firmwareepyc_7702pryzen_threadripper_pro_3995wx_firmwareepyc_7f52_firmwareepyc_7262ryzen_5_2600h_firmwareryzen_threadripper_pro_5965wxryzen_7_5800uryzen_9_5900hxryzen_3_3250uryzen_5_5600g_firmwareepyc_72f3epyc_7643epyc_7402p_firmwareepyc_7452_firmwareryzen_threadripper_2990wxryzen_5_5600ryzen_threadripper_3970xryzen_7_5800hepyc_7543pepyc_7443pryzen_threadripper_3970x_firmwareryzen_threadripper_pro_3945wxryzen_3_3250u_firmwareepyc_7453_firmwareryzen_threadripper_pro_3975wx_firmwareepyc_7282ryzen_7_5800hs_firmwareryzen_threadripper_pro_5995wx_firmwareepyc_7702_firmwareepyc_7352_firmwareepyc_74f3epyc_7532ryzen_5_5625u_firmwareryzen_7_5700xepyc_73f3Athlon™ SeriesRyzen™ SeriesEPYC™ Processors
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-26345
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-1.9||LOW
EPSS-0.03% / 5.78%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 18:53
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7502_firmwareepyc_7402epyc_7262_firmwareepyc_9254_firmwareepyc_7282_firmwareepyc_9354pepyc_7f32epyc_7272_firmwareepyc_7573xepyc_7713pepyc_7443epyc_7513epyc_7643pepyc_9684x_firmwareepyc_7232p_firmwareepyc_9534epyc_7702epyc_7203_firmwareepyc_7453epyc_7373xepyc_8224pepyc_7513_firmwareepyc_9334_firmwareepyc_8124pn_firmwareepyc_9454p_firmwareepyc_7542epyc_7303p_firmwareepyc_8024pn_firmwareepyc_9454epyc_7413_firmwareepyc_7h12_firmwareepyc_9754_firmwareepyc_9534_firmwareepyc_9384x_firmwareepyc_8024pnepyc_7643_firmwareepyc_7f52epyc_9274f_firmwareepyc_75f3epyc_7373x_firmwareepyc_7f32_firmwareepyc_7f72_firmwareepyc_7662_firmwareepyc_7502epyc_75f3_firmwareepyc_9184x_firmwareepyc_7473x_firmwareepyc_7343_firmwareepyc_8024pepyc_9754s_firmwareepyc_8434pepyc_9634_firmwareepyc_8434p_firmwareepyc_7643p_firmwareepyc_9174f_firmwareepyc_7313pepyc_9124_firmwareepyc_7573x_firmwareepyc_7352epyc_7303pepyc_7713_firmwareepyc_8224pnepyc_7742epyc_7272epyc_9254epyc_7203p_firmwareepyc_7713epyc_9474f_firmwareepyc_7443p_firmwareepyc_7773xepyc_8124pepyc_8324pn_firmwareepyc_9634epyc_9554p_firmwareepyc_8324p_firmwareepyc_7742_firmwareepyc_8024p_firmwareepyc_8124p_firmwareepyc_7663pepyc_7443_firmwareepyc_7402pepyc_7343epyc_7252_firmwareepyc_7543_firmwareepyc_7542_firmwareepyc_7763_firmwareepyc_9274fepyc_8534p_firmwareepyc_9734epyc_9454pepyc_9734_firmwareepyc_8124pnepyc_7313p_firmwareepyc_7252epyc_7502pepyc_7302p_firmwareepyc_9124epyc_7663p_firmwareepyc_9354epyc_7642_firmwareepyc_7h12epyc_7452epyc_7543p_firmwareepyc_9374f_firmwareepyc_9554_firmwareepyc_7302epyc_8534pnepyc_7232pepyc_7203epyc_7663epyc_7552_firmwareepyc_7773x_firmwareepyc_72f3_firmwareepyc_8224p_firmwareepyc_7f72epyc_9174fepyc_7662epyc_7642epyc_7473xepyc_8534pn_firmwareepyc_9754epyc_8534pepyc_7532_firmwareepyc_7502p_firmwareepyc_7413epyc_9654_firmwareepyc_9384xepyc_9554pepyc_9654epyc_9684xepyc_7313epyc_7663_firmwareepyc_9474fepyc_7303_firmwareepyc_9754sepyc_7552epyc_7302pepyc_7702p_firmwareepyc_74f3_firmwareepyc_9654pepyc_7302_firmwareepyc_7763epyc_9454_firmwareepyc_9374fepyc_7402_firmwareepyc_7713p_firmwareepyc_73f3_firmwareepyc_7702pepyc_9654p_firmwareepyc_7f52_firmwareepyc_7262epyc_9334epyc_7203pepyc_8434pn_firmwareepyc_8324pepyc_72f3epyc_7643epyc_9354_firmwareepyc_7452_firmwareepyc_7402p_firmwareepyc_9354p_firmwareepyc_8434pnepyc_9224_firmwareepyc_7313_firmwareepyc_7543pepyc_8224pn_firmwareepyc_7443pepyc_8324pnepyc_9184xepyc_7453_firmwareepyc_7282epyc_9224epyc_7303epyc_7702_firmwareepyc_7352_firmwareepyc_74f3epyc_7532epyc_9554epyc_73f34th Gen AMD EPYC™ ProcessorsAMD EPYC™ Embedded 70033rd Gen AMD EPYC™ Processors2nd Gen AMD EPYC™ ProcessorsAMD EPYC™ Embedded 7002
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-26365
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-8.2||HIGH
EPSS-0.17% / 39.17%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 18:58
Updated-28 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory contents.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_3_2300u_firmwareryzen_7_5700x_firmwareryzen_9_6900hxryzen_3_3250c_firmwareryzen_5_6600hsryzen_3_5300gryzen_7_6800u_firmwareryzen_7_5700uryzen_5_6600uryzen_5_5600_firmwareryzen_5_6600hs_firmwareamd_3015ceryzen_5_5600x_firmwareryzen_9_6980hx_firmwareryzen_5_3400gryzen_7_2700uryzen_5_6600u_firmwareryzen_7_5800xryzen_5_pro_3400geryzen_5_5600gryzen_5_pro_3350g_firmwareryzen_7_6800hsryzen_3_2300uryzen_7_5700xryzen_7_5800x3d_firmwareryzen_5_5600xryzen_3_pro_3200gryzen_9_6980hs_firmwareamd_3015eryzen_3_5300g_firmwareryzen_3_2200g_firmwareryzen_5_2500u_firmwareryzen_5_pro_3400g_firmwareryzen_5_2600hryzen_3_pro_3200ge_firmwareryzen_9_6980hxryzen_3_3200geryzen_3_3250u_firmwareryzen_7_2800hryzen_5_5600ge_firmwareryzen_5_5600ryzen_5_2400ge_firmwareryzen_5_pro_3350ge_firmwareryzen_5_5500_firmwareryzen_9_6900hsryzen_7_5700u_firmwareryzen_5_3400g_firmwareryzen_3_5300ge_firmwareryzen_3_2200u_firmwareryzen_9_5900ryzen_9_5900x_firmwareryzen_5_2400g_firmwareryzen_3_3200u_firmwareryzen_5_6600h_firmwareryzen_5_pro_3350geryzen_5_2600h_firmwareryzen_7_5700ge_firmwareryzen_3_2200gryzen_3_3200ge_firmwareryzen_5_5500uryzen_7_5800_firmwareryzen_5_pro_3400gryzen_3_5300u_firmwareryzen_7_5700geryzen_5_2500uryzen_3_3200g_firmwareryzen_7_5800x_firmwareryzen_5_pro_3350gryzen_7_5800x3damd_3015e_firmwareryzen_7_2800h_firmwareryzen_9_5900_firmwareryzen_7_5800ryzen_7_6800uamd_3015ce_firmwareryzen_9_6900hx_firmwareryzen_5_6600hryzen_3_3250uryzen_7_6800h_firmwareryzen_3_2200geryzen_5_5600geryzen_5_5600g_firmwareryzen_5_5500u_firmwareryzen_9_6980hsryzen_5_pro_3400ge_firmwareryzen_5_2400gryzen_9_5950xryzen_3_pro_2100ge_firmwareryzen_9_5900xryzen_3_3200gryzen_3_2200ge_firmwareryzen_7_2700u_firmwareryzen_7_6800hs_firmwareryzen_9_5950x_firmwareryzen_5_2400geryzen_3_5300uryzen_3_pro_2100geryzen_5_5500ryzen_9_6900hs_firmwareryzen_7_5700gryzen_7_6800hryzen_3_3200uryzen_3_3250cryzen_3_pro_3200geryzen_3_pro_3200g_firmwareryzen_3_5300geryzen_3_2200uryzen_7_5700g_firmwareAthlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”Ryzen™ 2000 Series Mobile Processors “Raven Ridge” FP5Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics “Cezanne” AM4Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULPRyzen™ 2000 series Desktop Processors “Raven Ridge” AM4Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir” Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics “Cezanne”Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso”Ryzen™ 6000 Series Mobile Processors "Rembrandt"
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-46772
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-3.9||LOW
EPSS-0.04% / 9.57%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 16:50
Updated-05 Nov, 2024 | 22:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in memory corruption or denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-AMD Ryzen™ Embedded V2000 Series ProcessorsAMD Ryzen™ Embedded 5000 Series ProcessorsAMD Ryzen™ Embedded R2000 Series ProcessorsAMD Ryzen™ Threadripper™ PRO 3000WX Series ProcessorsAMD Ryzen™ 3000 Series Desktop ProcessorsAMD Ryzen™ 5000 Series Desktop Processor with Radeon™ GraphicsAMD Athlon™ 3000 Series Desktop Processors with Radeon™ GraphicsAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ GraphicsAMD Athlon™ 3000 Series Mobile Processors with Radeon™ GraphicsAMD Ryzen™ 7020 Series Processors with Radeon™ GraphicsAMD Ryzen™ 5000 Series Desktop ProcessorsAMD EPYC™ Embedded 7002 Series ProcessorsAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsAMD EPYC™ 7002 Series ProcessorsAMD Ryzen™ 6000 Series Processors with Radeon™ GraphicsAMD Ryzen™ Threadripper™ PRO 5000WX ProcessorsAMD Ryzen™ 3000 Series Mobile Processor with Radeon™ GraphicsAMD EPYC™ Embedded 7003 Series ProcessorsAMD Ryzen™ Embedded V1000 Series ProcessorsAMD Ryzen™ Embedded V3000 Series ProcessorsAMD Ryzen™ Embedded R1000 Series ProcessorsAMD Ryzen™ Threadripper™ 3000 Series ProcessorsAMD Ryzen™ 3000 Series Processors with Radeon™ GraphicsAMD Ryzen™ 7035 Series Processors with Radeon™ GraphicsAMD EPYC™ 7003 Series ProcessorsAMD Ryzen™ 5000 Series Processors with Radeon™ GraphicsAMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-46768
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 9.80%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 20:56
Updated-09 Apr, 2025 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input validation in SEV firmware may allow an attacker to perform out-of-bounds memory reads within the ASP boot loader, potentially leading to a denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-milanpi_firmwaremilanpiromepiromepi_firmware3rd Gen EPYC2nd Gen EPYC
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-12905
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.79%
||
7 Day CHG~0.00%
Published-15 Nov, 2021 | 19:40
Updated-17 Sep, 2024 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004403 may lead to arbitrary information disclosure.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.Microsoft Corporation
Product-radeon_softwarewindows_10AMD Radeon Software
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-12911
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.18%
||
7 Day CHG~0.00%
Published-13 Oct, 2020 | 21:13
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the D3DKMTCreateAllocation handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTCreateAllocation API request can cause an out-of-bounds read and denial of service (BSOD). This vulnerability can be triggered from a non-privileged account.

Action-Not Available
Vendor-n/aAdvanced Micro Devices, Inc.
Product-atikmdag.sysAMD Graphics Driver for Windows
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-12980
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.35%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 21:49
Updated-17 Sep, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out of bounds write and read vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.Microsoft Corporation
Product-radeon_softwareradeon_pro_softwarewindows_10AMD Radeon Software
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-12933
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.18%
||
7 Day CHG~0.00%
Published-13 Oct, 2020 | 21:11
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the D3DKMTEscape handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTEscape API request can cause an out-of-bounds read in Windows OS kernel memory area. This vulnerability can be triggered from a non-privileged account.

Action-Not Available
Vendor-n/aAdvanced Micro Devices, Inc.
Product-atikmdag.sysAMD Graphics Driver for Windows
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-5146
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.45% / 62.52%
||
7 Day CHG~0.00%
Published-25 Jan, 2020 | 17:53
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13025.10004. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Action-Not Available
Vendor-n/aAdvanced Micro Devices, Inc.VMware (Broadcom Inc.)
Product-workstationatidxx64AMD
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-5147
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.45% / 62.52%
||
7 Day CHG~0.00%
Published-25 Jan, 2020 | 17:53
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13003.1007. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Action-Not Available
Vendor-n/aAdvanced Micro Devices, Inc.VMware (Broadcom Inc.)
Product-workstationatidxx64AMD
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-5098
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.57% / 67.61%
||
7 Day CHG~0.00%
Published-05 Dec, 2019 | 17:24
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. A specially crafted pixel shader can cause out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Action-Not Available
Vendor-n/aAdvanced Micro Devices, Inc.VMware (Broadcom Inc.)Microsoft Corporation
Product-workstationradeon_rx_550_firmwareradeon_550_firmwareradeon_rx_550radeon_550windows_10AMD ATI
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-5124
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.45% / 62.52%
||
7 Day CHG~0.00%
Published-25 Jan, 2020 | 17:53
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.50005. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Action-Not Available
Vendor-n/aAdvanced Micro Devices, Inc.VMware (Broadcom Inc.)
Product-workstationatidxx64AMD
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-5036
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.99% / 75.97%
||
7 Day CHG~0.00%
Published-17 Feb, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dump_block function in print_sections.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted frame data.

Action-Not Available
Vendor-libdwarf_projectn/a
Product-libdwarfn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-9989
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.56% / 67.40%
||
7 Day CHG~0.00%
Published-10 Apr, 2018 | 19:00
Updated-05 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.

Action-Not Available
Vendor-n/aDebian GNU/LinuxArm Limited
Product-mbed_tlsdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21186
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-1.71% / 81.58%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-04 Dec, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In LogResponse of Dns.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261079188

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-9456
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.30% / 53.21%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 22:19
Updated-22 Nov, 2024 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-0210
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.30% / 52.58%
||
7 Day CHG~0.00%
Published-28 Oct, 2019 | 22:22
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data.

Action-Not Available
Vendor-Red Hat, Inc.The Apache Software FoundationOracle Corporation
Product-thriftjboss_enterprise_application_platformcommunications_cloud_native_core_network_slice_selection_functionenterprise_linux_serverApache Thrift
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-20896
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-5.9||MEDIUM
EPSS-0.29% / 51.90%
||
7 Day CHG~0.00%
Published-22 Jun, 2023 | 12:00
Updated-13 Feb, 2025 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd).

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-vcenter_serverVMware Cloud Foundation (vCenter Server)VMware vCenter Server (vCenter Server)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21201
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-1.71% / 81.58%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-03 Dec, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In on_create_record_event of btif_sdp_server.cc, there is a possible out of bounds read due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-263545186

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-9988
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.56% / 67.40%
||
7 Day CHG~0.00%
Published-10 Apr, 2018 | 19:00
Updated-05 Aug, 2024 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.

Action-Not Available
Vendor-n/aDebian GNU/LinuxArm Limited
Product-mbed_tlsdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-7843
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-14.76% / 94.24%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 19:58
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus.

Action-Not Available
Vendor-n/a
Product-modicon_quantummodicon_quantum_firmwaremodicon_m580_firmwaremodicon_premium_firmwaremodicon_premiummodicon_m340modicon_m340_firmwaremodicon_m580Modicon M580 Modicon M340 Modicon Quantum Modicon Premium
CWE ID-CWE-125
Out-of-bounds Read
CVE-2010-4577
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.27% / 88.36%
||
7 Day CHG~0.00%
Published-22 Dec, 2010 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."

Action-Not Available
Vendor-webkitgtkn/aFedora ProjectDebian GNU/LinuxGoogle LLC
Product-chrome_osfedoradebian_linuxchromewebkitgtkn/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2016-10197
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.99% / 82.85%
||
7 Day CHG+0.54%
Published-15 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.

Action-Not Available
Vendor-libevent_projectn/aDebian GNU/Linux
Product-libeventdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-38202
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.45% / 79.99%
||
7 Day CHG~0.00%
Published-08 Aug, 2021 | 19:25
Updated-04 Aug, 2024 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd.

Action-Not Available
Vendor-n/aNetApp, Inc.Linux Kernel Organization, Inc
Product-linux_kernelhci_storage_nodehci_management_nodehci_bootstrap_oshci_compute_nodeelement_softwaresolidfiren/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-26003
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.39%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 08:12
Updated-23 Jan, 2025 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHOENIX CONTACT: DoS of the control agent in CHARX Series

An unauthenticated remote attacker can DoS the control agent due to a out-of-bounds read which may prevent or disrupt the charging functionality. 

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-charx_sec-3150_firmwarecharx_sec-3050charx_sec-3000_firmwarecharx_sec-3100_firmwarecharx_sec-3100charx_sec-3000charx_sec-3150charx_sec-3050_firmwareCHARX SEC-3050CHARX SEC-3000CHARX SEC-3150CHARX SEC-3100charx_sec_3150charx_sec_3050charx_sec_3100charx_sec_3000
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-23911
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.21%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 10:46
Updated-30 Jun, 2025 | 13:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 NDP packets exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially crafted packet.

Action-Not Available
Vendor-nxtechDMG MORI Digital Co., LTD. and NEXT Co., Ltd.cente
Product-cente_ipv6cente_ipv6_snmpv3cente_ipv6_snmpv2Cente IPv6 SNMPv3Cente IPv6 SNMPv2Cente IPv6ipv6ipv6_snmpv3ipv6_snmpv2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-25201
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.31%
||
7 Day CHG~0.00%
Published-07 Feb, 2024 | 00:00
Updated-17 Jun, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Espruino 2v20 (commit fcc9ba4) was discovered to contain an Out-of-bounds Read via jsvStringIteratorPrintfCallback at src/jsvar.c.

Action-Not Available
Vendor-espruinon/a
Product-espruinon/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-24452
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 27.44%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 00:00
Updated-31 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An invalid memory access when handling the ProtocolIE_ID field of E-RAB Release Indication messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload.

Action-Not Available
Vendor-athonetHewlett Packard Enterprise (HPE)
Product-HPE Athonet Corevepc_mmc
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-24417
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.16%
||
7 Day CHG~0.00%
Published-21 Jan, 2025 | 00:00
Updated-14 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_protocol_configuration_options function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.

Action-Not Available
Vendor-n/aThe Linux Foundation
Product-magman/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-3839
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.67%
||
7 Day CHG~0.00%
Published-23 Aug, 2022 | 15:52
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.

Action-Not Available
Vendor-dpdkn/aRed Hat, Inc.Fedora Project
Product-enterprise_linux_fast_datapathfedoradata_plane_development_kitenterprise_linuxdpdk
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 10
  • 11
  • Next
Details not found