ByteOS

Product

2nd Gen EPYC

Package Name

AGESA

Platforms

Default Status

unaffected

Versions

Affected

various

Vendor

Product

3rd Gen EPYC

Package Name

AGESA

Platforms

Default Status

unaffected

Versions

Affected

various

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032	vendor-advisory

Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032

Resource:

vendor-advisory

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032	vendor-advisory x_transferred

Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032

Resource:

vendor-advisory

x_transferred

2. CISA ADP Vulnrichment

Problem Types

Type	CWE ID	Description
CWE	CWE-125	CWE-125 Out-of-bounds Read

Type: CWE

CWE ID: CWE-125

Description: CWE-125 Out-of-bounds Read

Metrics

Version	Base score	Base severity	Vector
3.1	5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Version: 3.1

Base score: 5.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:psirt@amd.com

Published At:11 Jan, 2023 | 08:15

Updated At:07 Nov, 2023 | 03:40

Insufficient input validation in SEV firmware may allow an attacker to perform out-of-bounds memory reads within the ASP boot loader, potentially leading to a denial of service.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Type: Primary

Version: 3.1

Base score: 5.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CPE Matches

cpe:2.3:o:amd:romepi_firmware:*:*:*:*:*:*:*:*

>>romepi_firmware>>Versions before 1.0.0.d(exclusive)

cpe:2.3:h:amd:romepi:-:*:*:*:*:*:*:*

>>romepi>>-

cpe:2.3:o:amd:milanpi_firmware:*:*:*:*:*:*:*:*

>>milanpi_firmware>>Versions before 1.0.0.5(exclusive)

cpe:2.3:h:amd:milanpi:-:*:*:*:*:*:*:*

>>milanpi>>-

Weaknesses

CWE ID	Type	Source
CWE-125	Primary	nvd@nist.gov

CWE ID: CWE-125

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032	psirt@amd.com	Vendor Advisory

Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032

Source: psirt@amd.com

Resource:

Vendor Advisory

Similar CVEs

182Records found

CVE-2020-12933

Matching Score-10

Matching Score-10

CVSS Score-5.5||MEDIUM

EPSS-0.04% / 13.21%

7 Day CHG~0.00%

Published-13 Oct, 2020 | 21:11

Updated-04 Aug, 2024 | 12:11

A denial of service vulnerability exists in the D3DKMTEscape handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTEscape API request can cause an out-of-bounds read in Windows OS kernel memory area. This vulnerability can be triggered from a non-privileged account.

Vendor-n/a Advanced Micro Devices, Inc.

Product-atikmdag.sys AMD Graphics Driver for Windows

CWE ID-CWE-125

Out-of-bounds Read

CVE-2020-12911

Matching Score-10

Matching Score-10

CVSS Score-5.5||MEDIUM

EPSS-0.04% / 13.21%

7 Day CHG~0.00%

Published-13 Oct, 2020 | 21:13

Updated-04 Aug, 2024 | 12:11

A denial of service vulnerability exists in the D3DKMTCreateAllocation handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTCreateAllocation API request can cause an out-of-bounds read and denial of service (BSOD). This vulnerability can be triggered from a non-privileged account.

Vendor-n/a Advanced Micro Devices, Inc.

Product-atikmdag.sys AMD Graphics Driver for Windows

CWE ID-CWE-125

Out-of-bounds Read

CVE-2021-26388

Matching Score-10

Matching Score-10

CVSS Score-5.5||MEDIUM

EPSS-0.05% / 15.30%

7 Day CHG+0.01%

Published-11 May, 2022 | 16:29

Updated-16 Sep, 2024 | 23:01

Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service.

CWE ID-CWE-125

Out-of-bounds Read

CVE-2021-46791

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-0.04% / 11.90%

7 Day CHG~0.00%

Published-10 Jan, 2023 | 20:56

Updated-09 Apr, 2025 | 14:46

Insufficient input validation during parsing of the System Management Mode (SMM) binary may allow a maliciously crafted SMM executable binary to corrupt Dynamic Root of Trust for Measurement (DRTM) user application memory that may result in a potential denial of service.

Product-milanpi_firmware milanpi 3rd Gen EPYC

CWE ID-CWE-787

Out-of-bounds Write

CVE-2020-12920

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-0.05% / 15.16%

7 Day CHG~0.00%

Published-15 Nov, 2021 | 15:50

Updated-16 Sep, 2024 | 18:49

A potential denial of service issue exists in the AMD Display driver Escape 0x130007 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck.

Product-radeon_software AMD Radeon Software

CVE-2021-26355

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-0.05% / 15.50%

7 Day CHG~0.00%

Published-10 Jan, 2023 | 20:56

Updated-09 Apr, 2025 | 14:56

Insufficient fencing and checks in System Management Unit (SMU) may result in access to invalid message port registers that could result in a potential denial-of-service.

CWE ID-CWE-693

Protection Mechanism Failure

CVE-2021-26321

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-0.15% / 35.62%

7 Day CHG~0.00%

Published-16 Nov, 2021 | 18:07

Updated-16 Sep, 2024 | 18:56

Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP.

Product-epyc_7543 epyc_7502_firmware epyc_7402 epyc_7262_firmware epyc_7371_firmware epyc_7443_firmware epyc_7402p epyc_7451 epyc_7261 epyc_7282_firmware epyc_7343 epyc_7252_firmware epyc_7543_firmware epyc_7f32 epyc_7542_firmware epyc_7551_firmware epyc_7763_firmware epyc_7272_firmware epyc_7713p epyc_7443 epyc_7513 epyc_7313p_firmware epyc_7252 epyc_7502p epyc_7232p_firmware epyc_7702 epyc_7351p_firmware epyc_7302p_firmware epyc_7453 epyc_7642_firmware epyc_7h12 epyc_7452 epyc_7513_firmware epyc_7543p_firmware epyc_7542 epyc_7281_firmware epyc_7413_firmware epyc_7h12_firmware epyc_7601 epyc_7302 epyc_7232p epyc_7643_firmware epyc_7f52 epyc_7663 epyc_7552_firmware epyc_75f3 epyc_7371 epyc_72f3_firmware epyc_7f72 epyc_7f32_firmware epyc_7662 epyc_7f72_firmware epyc_7662_firmware epyc_7502 epyc_75f3_firmware epyc_7642 epyc_7451_firmware epyc_7343_firmware epyc_7532_firmware epyc_7551 epyc_7281 epyc_7502p_firmware epyc_7413 epyc_7301 epyc_7551p epyc_7313p epyc_7313 epyc_7351p epyc_7551p_firmware epyc_7663_firmware epyc_7601_firmware epyc_7351_firmware epyc_7251 epyc_7532 epyc_7552 epyc_7302p epyc_7702p_firmware epyc_74f3_firmware epyc_7352 epyc_7302_firmware epyc_7763 epyc_7401 epyc_7713_firmware epyc_7402_firmware epyc_7742 epyc_7713p_firmware epyc_7272 epyc_73f3_firmware epyc_7702p epyc_7f52_firmware epyc_7262 epyc_7713 epyc_7443p_firmware epyc_7251_firmware epyc_7401_firmware epyc_72f3 epyc_7643 epyc_7452_firmware epyc_7402p_firmware epyc_7351 epyc_7261_firmware epyc_7543p epyc_7313_firmware epyc_7443p epyc_7742_firmware epyc_7453_firmware epyc_7282 epyc_7501 epyc_7501_firmware epyc_7702_firmware epyc_7352_firmware epyc_74f3 epyc_7301_firmware epyc_73f3 2nd Gen AMD EPYC™3rd Gen AMD EPYC™1st Gen AMD EPYC™

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2021-26352

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-0.13% / 32.62%

7 Day CHG-0.01%

Published-10 May, 2022 | 18:26

Updated-16 Sep, 2024 | 16:58

Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2021-26330

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-0.05% / 15.16%

7 Day CHG~0.00%

Published-16 Nov, 2021 | 18:19

Updated-16 Sep, 2024 | 18:12

AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources.

Product-epyc_7543 epyc_7502_firmware epyc_7402 epyc_7262_firmware epyc_7443_firmware epyc_7402p epyc_7343 epyc_7451 epyc_7252_firmware epyc_7282_firmware epyc_7543_firmware epyc_7542_firmware epyc_7f32 epyc_7763_firmware epyc_7551_firmware epyc_7272_firmware epyc_7713p epyc_7443 epyc_7513 epyc_7313p_firmware epyc_7252 epyc_7502p epyc_7232p_firmware epyc_7702 epyc_7302p_firmware epyc_7351p_firmware epyc_7453 epyc_7642_firmware epyc_7452 epyc_7513_firmware epyc_7543p_firmware epyc_7542 epyc_7401p epyc_7281_firmware epyc_7413_firmware epyc_7302 epyc_7601 epyc_7232p epyc_7002 epyc_7643_firmware epyc_7f52 epyc_7663 epyc_7552_firmware epyc_75f3 epyc_72f3_firmware epyc_7001 epyc_7f72 epyc_7f32_firmware epyc_7662 epyc_7502 epyc_7001_firmware epyc_75f3_firmware epyc_7662_firmware epyc_7f72_firmware epyc_7642 epyc_7451_firmware epyc_7343_firmware epyc_7532_firmware epyc_7281 epyc_7551 epyc_7502p_firmware epyc_7413 epyc_7301 epyc_7551p epyc_7313p epyc_7401p_firmware epyc_7002_firmware epyc_7313 epyc_7351p epyc_7551p_firmware epyc_7663_firmware epyc_7601_firmware epyc_7351_firmware epyc_7251 epyc_7532 epyc_7552 epyc_7302p epyc_7702p_firmware epyc_74f3_firmware epyc_7352 epyc_7763 epyc_7302_firmware epyc_7713_firmware epyc_7401 epyc_7402_firmware epyc_7742 epyc_7713p_firmware epyc_7272 epyc_73f3_firmware epyc_7702p epyc_7f52_firmware epyc_7262 epyc_7713 epyc_7003_firmware epyc_7443p_firmware epyc_7003 epyc_7251_firmware epyc_7401_firmware epyc_72f3 epyc_7643 epyc_7402p_firmware epyc_7452_firmware epyc_7351 epyc_7313_firmware epyc_7543p epyc_7443p epyc_7742_firmware epyc_7453_firmware epyc_7282 epyc_7501 epyc_7501_firmware epyc_7702_firmware epyc_74f3 epyc_7352_firmware epyc_7301_firmware epyc_73f3 2nd Gen AMD EPYC™3rd Gen AMD EPYC™1st Gen AMD EPYC™

CWE ID-CWE-122

Heap-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2021-26329

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-0.05% / 15.16%

7 Day CHG~0.00%

Published-16 Nov, 2021 | 17:57

Updated-16 Sep, 2024 | 22:24

AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources.

CWE ID-CWE-130

Improper Handling of Length Parameter Inconsistency

CWE ID-CWE-190

Integer Overflow or Wraparound

CVE-2021-26320

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-0.04% / 10.18%

7 Day CHG~0.00%

Published-16 Nov, 2021 | 18:05

Updated-16 Sep, 2024 | 18:34

Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP

CWE ID-CWE-295

Improper Certificate Validation

CVE-2021-26339

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-0.08% / 24.22%

7 Day CHG+0.01%

Published-11 May, 2022 | 16:18

Updated-17 Sep, 2024 | 01:56

A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by compilers.

CVE-2024-21971

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-0.05% / 14.75%

7 Day CHG~0.00%

Published-12 Feb, 2025 | 00:01

Updated-12 Feb, 2025 | 15:32

Improper input validation in AMD Crash Defender could allow an attacker to provide the Windows® system process ID to a kernel-mode driver, resulting in an operating system crash, potentially leading to denial of service.

CWE ID-CWE-20

Improper Input Validation

CVE-2024-21949

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-0.04% / 10.39%

7 Day CHG~0.00%

Published-12 Nov, 2024 | 17:15

Updated-15 Nov, 2024 | 19:20

Improper validation of user input in the NPU driver could allow an attacker to provide a buffer with unexpected size, potentially leading to system crash.

Product-ryzen_ai_software AMD Ryzen™ AI Software ryzen_ai_software

CWE ID-CWE-20

Improper Input Validation

CVE-2023-31341

Matching Score-8

Matching Score-8

CVSS Score-7.3||HIGH

EPSS-0.02% / 4.20%

7 Day CHG~0.00%

Published-13 Aug, 2024 | 16:57

Updated-26 Feb, 2025 | 07:14

Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service.

Product-uprof μProf Tool amd_uprof

CWE ID-CWE-284

Improper Access Control

CVE-2023-31366

Matching Score-8

Matching Score-8

CVSS Score-3.3||LOW

EPSS-0.04% / 9.84%

7 Day CHG~0.00%

Published-13 Aug, 2024 | 16:57

Updated-12 Dec, 2024 | 01:21

Improper input validation in AMD μProf could allow an attacker to perform a write to an invalid address, potentially resulting in denial of service.

Product-uprof μProf Tool

CWE ID-CWE-20

Improper Input Validation

CVE-2021-26375

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-0.06% / 19.80%

7 Day CHG~0.00%

Published-11 May, 2022 | 16:20

Updated-17 Sep, 2024 | 03:43

Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service.

CVE-2021-26346

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-0.05% / 15.50%

7 Day CHG~0.00%

Published-10 Jan, 2023 | 19:50

Updated-09 Apr, 2025 | 15:14

Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.

Vendor-AMD Advanced Micro Devices, Inc.

CWE ID-CWE-190

Integer Overflow or Wraparound

CVE-2021-26376

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-0.07% / 21.53%

7 Day CHG+0.01%

Published-11 May, 2022 | 16:28

Updated-16 Sep, 2024 | 17:58

Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service.

CVE-2023-20556

Matching Score-8

Matching Score-8

Vendor-Advanced Micro Devices, Inc.Linux Kernel Organization, Inc Microsoft Corporation

CVSS Score-5.5||MEDIUM

EPSS-0.06% / 17.52%

7 Day CHG~0.00%

Published-08 Aug, 2023 | 17:14

Updated-10 Oct, 2024 | 16:01

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service.

Product-windows amd_uprof linux_kernel μProf

CVE-2020-12960

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-0.05% / 15.16%

7 Day CHG~0.00%

Published-15 Nov, 2021 | 19:47

Updated-17 Sep, 2024 | 03:53

AMD Graphics Driver for Windows 10, amdfender.sys may improperly handle input validation on InputBuffer which may result in a denial of service (DoS).

Vendor-Advanced Micro Devices, Inc.Microsoft Corporation

Product-radeon_software windows_10 AMD Radeon Software

CWE ID-CWE-20

Improper Input Validation

CVE-2021-46748

Matching Score-8

Matching Score-8

Product-radeon_rx_7700s ryzen_5_pro_3200ge radeon_pro_w6900x ryzen_3_5300u radeon_rx_5700m radeon_rx_vega_m_firmware radeon_pro_w6500m radeon_rx_7900_gre radeon_rx_vega_56 core_i5-8305g radeon_pro_vega_56_firmware ryzen_5_4600hs radeon_rx_5600 ryzen_7_4980u radeon_rx_5300m radeon_rx_7900m ryzen_3_3015ce radeon_rx_7900_xt radeon_rx_5500_xt radeon_rx_6600s radeon_rx_6650m nuc_8_enthusiast_nuc8i7hvkvaw radeon_rx_6650_xt radeon_pro_w6800x radeon_rx_6700_xt ryzen_5_pro_3400g radeon_rx_7600m_xt ryzen_5_pro_3350ge ryzen_5_5600g ryzen_5_pro_3400ge radeon_pro_w6600 radeon_pro_vega_64 radeon_rx_6700m ryzen_5_4680u ryzen_5_5500u nuc_8_enthusiast_nuc8i7hvkva radeon_pro_w7600 radeon_rx_6650m_xt radeon_rx_6700 radeon_rx_7700_xt radeon_rx_7600s radeon_rx_6550m radeon_rx_5600_xt radeon_rx_6850m_xt radeon_rx_6550s radeon_pro_w5700 radeon_rx_6800 ryzen_7_4800h ryzen_3_3015e radeon_software radeon_rx_6600m radeon_rx_5500m radeon_rx_7900_xtx ryzen_7_5700g nuc_8_enthusiast_nuc8i7hnkqc radeon_rx_6900_xt radeon_rx_5600m radeon_rx_6950_xt ryzen_3_4300ge ryzen_5_pro_3200g radeon_rx_vega_64_firmware ryzen_7_4700g ryzen_3_4300g ryzen_9_4900hs radeon_rx_5700_xt radeon_rx_6500m core_i7-8706g radeon_rx_6800_xt radeon_pro_w6400 radeon_rx_6500_xt radeon_rx_5700 radeon_rx_6450m radeon_rx_7800_xt ryzen_5_4500u radeon_rx_5300 radeon_pro_w5500x radeon_pro_w6300m ryzen_5_4600u radeon_pro_w6800x_duo radeon_pro_vega_64_firmware radeon_rx_5500 ryzen_7_4700ge ryzen_9_4900h radeon_rx_6400 radeon_rx_6600_xt radeon_pro_vega_56 ryzen_7_5700u radeon_rx_6800m radeon_rx_6300m ryzen_5_4600ge radeon_rx_7600 radeon_pro_w6300 radeon_pro_w6600x ryzen_5_5500h radeon_pro_w7500 radeon_rx_vega_56_firmware radeon_rx_7600m core_i7-8709g ryzen_7_4700u radeon_pro_w6600m ryzen_5_5600ge core_i7-8705g ryzen_3_4300u radeon_pro_w5500 ryzen_3_5300ge ryzen_5_4500 ryzen_3_4100 ryzen_7_4800hs radeon_pro_w5700x radeon_pro_w6800 ryzen_7_5700ge radeon_rx_6600 radeon_rx_vega_64 ryzen_3_5300g ryzen_5_4600g nuc_kit_nuc8i7hnk nuc_kit_nuc8i7hvk ryzen_5_pro_3350g ryzen_5_4600h radeon_pro_w7800 radeon_rx_6700s radeon_rx_5300_xt radeon_rx_6800s Radeon™ RX Vega Series Graphics Cards Radeon™ PRO WX Vega Series Graphics Cards Radeon™ RX 5000/6000/7000 Series Graphics Cards Radeon™ PRO W5000/W6000/W7000 Series Graphics Cards

CVSS Score-5.5||MEDIUM

EPSS-0.10% / 28.78%

7 Day CHG~0.00%

Published-14 Nov, 2023 | 18:50

Updated-13 Feb, 2025 | 17:15

Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service.

Vendor-Intel Corporation Advanced Micro Devices, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2023-20561

Matching Score-8

Matching Score-8

Vendor-Advanced Micro Devices, Inc.Linux Kernel Organization, Inc Microsoft Corporation

CVSS Score-5.5||MEDIUM

EPSS-0.06% / 17.52%

7 Day CHG~0.00%

Published-08 Aug, 2023 | 17:14

Updated-10 Oct, 2024 | 16:00

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service.

Product-windows amd_uprof linux_kernel μProf

CVE-2021-26373

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-0.07% / 21.53%

7 Day CHG~0.00%

Published-11 May, 2022 | 16:27

Updated-16 Sep, 2024 | 16:32

Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service.

CWE ID-CWE-20

Improper Input Validation

CVE-2021-26372

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-0.07% / 21.53%

7 Day CHG~0.00%

Published-11 May, 2022 | 16:18

Updated-16 Sep, 2024 | 19:15

Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.

Product-epyc_7502_firmware epyc_7402 epyc_7262_firmware epyc_7402p epyc_7343 epyc_7252_firmware epyc_7282_firmware epyc_7542_firmware epyc_7f32 epyc_7763_firmware epyc_7272_firmware epyc_7713p epyc_7573x epyc_7513 epyc_7313p_firmware epyc_7252 epyc_7502p epyc_7232p_firmware epyc_7702 epyc_7302p_firmware epyc_7453 epyc_7642_firmware epyc_7452 epyc_7373x epyc_7513_firmware epyc_7543p_firmware epyc_7542 epyc_7302 epyc_7413_firmware epyc_7232p epyc_7643_firmware epyc_7f52 epyc_7663 epyc_7552_firmware epyc_75f3 epyc_7773x_firmware epyc_7373x_firmware epyc_72f3_firmware epyc_7f72 epyc_7f32_firmware epyc_7662 epyc_7502 epyc_7662_firmware epyc_7f72_firmware epyc_75f3_firmware epyc_7642 epyc_7473x epyc_7473x_firmware epyc_7343_firmware epyc_7532_firmware epyc_7502p_firmware epyc_7413 epyc_7313p epyc_7663_firmware epyc_7573x_firmware epyc_7552 epyc_7302p epyc_7702p_firmware epyc_74f3_firmware epyc_7352 epyc_7302_firmware epyc_7763 epyc_7713_firmware epyc_7402_firmware epyc_7742 epyc_7713p_firmware epyc_7272 epyc_73f3_firmware epyc_7702p epyc_7f52_firmware epyc_7262 epyc_7713 epyc_7443p_firmware epyc_7773x epyc_72f3 epyc_7643 epyc_7402p_firmware epyc_7452_firmware epyc_7543p epyc_7443p epyc_7742_firmware epyc_7453_firmware epyc_7282 epyc_7702_firmware epyc_7352_firmware epyc_74f3 epyc_7532 epyc_73f3 Athlon™ Series Ryzen™ Series EPYC™ Processors

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2021-26351

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-0.13% / 32.62%

7 Day CHG-0.01%

Published-12 May, 2022 | 17:18

Updated-16 Sep, 2024 | 22:41

Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service.

CWE ID-CWE-20

Improper Input Validation

CVE-2021-26336

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-0.13% / 32.62%

7 Day CHG-0.01%

Published-16 Nov, 2021 | 18:04

Updated-16 Sep, 2024 | 17:33

Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2021-26378

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-0.07% / 21.53%

7 Day CHG~0.00%

Published-11 May, 2022 | 16:23

Updated-16 Sep, 2024 | 20:22

Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2021-26325

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-0.05% / 15.16%

7 Day CHG~0.00%

Published-16 Nov, 2021 | 18:23

Updated-16 Sep, 2024 | 16:28

Insufficient input validation in the SNP_GUEST_REQUEST command may lead to a potential data abort error and a denial of service.

CWE ID-CWE-20

Improper Input Validation

CVE-2021-26364

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-0.08% / 23.57%

7 Day CHG+0.02%

Published-11 May, 2022 | 16:25

Updated-16 Sep, 2024 | 20:42

Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential denial of service.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2019-5147

Matching Score-6

Assigner-Talos

Matching Score-6

Assigner-Talos

CVSS Score-8.6||HIGH

EPSS-0.45% / 62.53%

7 Day CHG~0.00%

Published-25 Jan, 2020 | 17:53

Updated-04 Aug, 2024 | 19:47

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13003.1007. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Vendor-n/a Advanced Micro Devices, Inc.VMware (Broadcom Inc.)

Product-workstation atidxx64 AMD

CWE ID-CWE-125

Out-of-bounds Read

CVE-2019-5146

Matching Score-6

Assigner-Talos

Matching Score-6

Assigner-Talos

CVSS Score-8.6||HIGH

EPSS-0.45% / 62.53%

7 Day CHG~0.00%

Published-25 Jan, 2020 | 17:53

Updated-04 Aug, 2024 | 19:47

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13025.10004. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Vendor-n/a Advanced Micro Devices, Inc.VMware (Broadcom Inc.)

Product-workstation atidxx64 AMD

CWE ID-CWE-125

Out-of-bounds Read

CVE-2019-5124

Matching Score-6

Assigner-Talos

Matching Score-6

Assigner-Talos

CVSS Score-8.6||HIGH

EPSS-0.45% / 62.53%

7 Day CHG~0.00%

Published-25 Jan, 2020 | 17:53

Updated-04 Aug, 2024 | 19:47

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.50005. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Vendor-n/a Advanced Micro Devices, Inc.VMware (Broadcom Inc.)

Product-workstation atidxx64 AMD

CWE ID-CWE-125

Out-of-bounds Read

CVE-2021-46749

Matching Score-6

Matching Score-6

CVSS Score-7.5||HIGH

EPSS-0.16% / 36.98%

7 Day CHG~0.00%

Published-09 May, 2023 | 18:59

Updated-28 Jan, 2025 | 16:15

Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service.

Product-ryzen_2600x athlon_gold_3150ge ryzen_3600x_firmware ryzen_3800x ryzen_1200_\(af\)_firmware ryzen_3300x ryzen_5300ge ryzen_3600 ryzen_5995wx ryzen_2920x_firmware ryzen_5600 ryzen_5955wx ryzen_5800x_firmware ryzen_2700e ryzen_2600_firmware ryzen_5500_firmware ryzen_5900 ryzen_3600x ryzen_2920x ryzen_pro_2100ge_firmware ryzen_2970wx_firmware ryzen_3800x_firmware ryzen_3600xt_firmware ryzen_5700x ryzen_5600x ryzen_2300x_firmware ryzen_5300g_firmware ryzen_5700ge ryzen_2600e_firmware ryzen_2950x ryzen_3900xt_firmware ryzen_2600 ryzen_3600_firmware ryzen_2500x ryzen_5600x_firmware ryzen_3900xt ryzen_5945wx_firmware ryzen_2990wx_firmware athlon_gold_3150g_firmware ryzen_5800_firmware ryzen_2990wx ryzen_3100_firmware ryzen_3500_firmware ryzen_2500x_firmware ryzen_5300g ryzen_2200ge ryzen_2200ge_firmware ryzen_3900 ryzen_5975wx ryzen_2200g ryzen_2950x_firmware ryzen_2600e ryzen_2700_firmware ryzen_5800 ryzen_3800xt_firmware ryzen_5800x ryzen_5800x3d_firmware ryzen_3300x_firmware athlon_silver_3050ge ryzen_2970wx athlon_silver_3050ge_firmware ryzen_3800xt ryzen_5500 ryzen_2700x_firmware ryzen_3900x ryzen_2600x_firmware ryzen_5955wx_firmware ryzen_3500 ryzen_5300ge_firmware ryzen_2400ge_firmware ryzen_3950x ryzen_5995wx_firmware ryzen_5950x_firmware athlon_gold_3150g ryzen_1200_\(af\)ryzen_5700g_firmware ryzen_5900_firmware ryzen_3600xt ryzen_5600ge_firmware ryzen_5600g ryzen_5950x ryzen_2400g ryzen_pro_2100ge ryzen_5600_firmware ryzen_2700x ryzen_5965wx_firmware ryzen_5600g_firmware ryzen_2400ge ryzen_5945wx ryzen_5965wx ryzen_5700g ryzen_5600ge ryzen_3900_firmware ryzen_2700 ryzen_2200g_firmware ryzen_5900x ryzen_3950x_firmware ryzen_5700ge_firmware ryzen_3100 ryzen_1600_\(af\)ryzen_2300x ryzen_1600_\(af\)_firmware ryzen_3500x ryzen_3500x_firmware ryzen_2400g_firmware ryzen_5900x_firmware ryzen_5700x_firmware ryzen_5975wx_firmware ryzen_5800x3d ryzen_3900x_firmware ryzen_2700e_firmware athlon_gold_3150ge_firmware Ryzen™ 3000 Series Desktop Processors “Matisse” AM4 Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”Ryzen™ 2000 Series Desktop Processors “Pinnacle Ridge”Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS Ryzen™ 2000 Series Mobile Processors “Raven Ridge” FP5 Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics “Cezanne” AM4 Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULP Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir” Ryzen™ Threadripper™ PRO Processors “Chagall” WS Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics “Cezanne”AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4 Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso”

CWE ID-CWE-125

Out-of-bounds Read

CVE-2019-5098

Matching Score-6

Assigner-Talos

Vendor-n/a Advanced Micro Devices, Inc.VMware (Broadcom Inc.)Microsoft Corporation

Matching Score-6

Assigner-Talos

CVSS Score-8.6||HIGH

EPSS-0.57% / 67.62%

7 Day CHG~0.00%

Published-05 Dec, 2019 | 17:24

Updated-04 Aug, 2024 | 19:47

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. A specially crafted pixel shader can cause out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Product-workstation radeon_rx_550_firmware radeon_550_firmware radeon_rx_550 radeon_550 windows_10 AMD ATI

CWE ID-CWE-125

Out-of-bounds Read

CVE-2020-12904

Matching Score-6

Matching Score-6

CVSS Score-5.5||MEDIUM

EPSS-0.05% / 16.65%

7 Day CHG~0.00%

Published-15 Nov, 2021 | 15:12

Updated-16 Sep, 2024 | 16:38

Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary information disclosure.

Vendor-Advanced Micro Devices, Inc.Microsoft Corporation

Product-radeon_software windows_10 AMD Radeon Software

CWE ID-CWE-125

Out-of-bounds Read

CVE-2021-26384

Matching Score-6

Matching Score-6

CVSS Score-7.8||HIGH

EPSS-0.14% / 33.99%

7 Day CHG-0.01%

Published-14 Jul, 2022 | 19:28

Updated-16 Sep, 2024 | 23:15

A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources.

Product-ryzen_3_3200u_firmware ryzen_5_2700x_firmware ryzen_3_3450u ryzen_5_5600h athlon_silver_3050u_firmware ryzen_3_3300u ryzen_3_3550h ryzen_5_5600g ryzen_3_5425c ryzen_3_5425u_firmware ryzen_5_5600u ryzen_5_2500u ryzen_9_5980hx ryzen_3_3750h ryzen_3_2300u_firmware ryzen_7_5800hs ryzen_9_5900hx_firmware ryzen_5_5600hs ryzen_3_5300ge ryzen_3_2300u ryzen_5_5600ge ryzen_7_5825u ryzen_5_2600x ryzen_7_5825u_firmware ryzen_3_3550h_firmware ryzen_3_5300ge_firmware ryzen_5_5625u ryzen_7_2700u_firmware ryzen_7_5700ge ryzen_5_2700 ryzen_3_3780u_firmware ryzen_3_5125c ryzen_7_2800h_firmware ryzen_5_2700_firmware ryzen_3_3500u_firmware ryzen_3_3700c ryzen_5_5560u ryzen_9_5900hs_firmware ryzen_5_5600u_firmware ryzen_5_2500u_firmware ryzen_7_5700g_firmware ryzen_3_2200u_firmware ryzen_9_5900hs ryzen_3_2200u ryzen_7_2700x ryzen_3_3500c ryzen_3_3500u ryzen_7_5700g ryzen_9_5980hs ryzen_3_5300g_firmware ryzen_3_5125c_firmware ryzen_7_5800u_firmware ryzen_3_3200u ryzen_7_5825c_firmware ryzen_5_2600 ryzen_7_5800h_firmware ryzen_7_2700 ryzen_7_2700x_firmware ryzen_5_5625c_firmware ryzen_3_3580u_firmware athlon_silver_3050u ryzen_3_3700u_firmware ryzen_5_2600h ryzen_5_5625c ryzen_3_5425u ryzen_9_5980hx_firmware ryzen_5_5560u_firmware ryzen_7_2700u ryzen_3_3750h_firmware ryzen_3_5400u ryzen_3_3580u ryzen_7_5825c ryzen_3_3500c_firmware ryzen_7_5800u ryzen_7_2800h ryzen_5_2600h_firmware ryzen_3_3700u ryzen_9_5900hx ryzen_3_3700c_firmware ryzen_3_3250u ryzen_5_5600g_firmware ryzen_9_5980hs_firmware ryzen_5_2600x_firmware ryzen_3_5300g athlon_gold_3150u_firmware ryzen_5_5600ge_firmware ryzen_5_5600hs_firmware ryzen_7_2700_firmware ryzen_3_5425c_firmware athlon_gold_3150u ryzen_5_5600h_firmware ryzen_3_3350u_firmware ryzen_5_2700x ryzen_7_5800h ryzen_3_5400u_firmware ryzen_5_2600_firmware ryzen_3_3780u ryzen_3_3250u_firmware ryzen_3_3300u_firmware ryzen_3_3450u_firmware ryzen_7_5800hs_firmware ryzen_5_5625u_firmware ryzen_7_5700ge_firmware ryzen_3_3350u Athlon™ Series Ryzen™ Series

CWE ID-CWE-787

Out-of-bounds Write

CWE ID-CWE-125

Out-of-bounds Read

CVE-2021-26345

Matching Score-6

Matching Score-6

CVSS Score-1.9||LOW

EPSS-0.03% / 5.82%

7 Day CHG~0.00%

Published-14 Nov, 2023 | 18:53

Updated-03 Aug, 2024 | 20:26

Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.

Product-epyc_7543 epyc_7502_firmware epyc_7402 epyc_7262_firmware epyc_9254_firmware epyc_7282_firmware epyc_9354p epyc_7f32 epyc_7272_firmware epyc_7573x epyc_7713p epyc_7443 epyc_7513 epyc_7643p epyc_9684x_firmware epyc_7232p_firmware epyc_9534 epyc_7702 epyc_7203_firmware epyc_7453 epyc_7373x epyc_8224p epyc_7513_firmware epyc_9334_firmware epyc_8124pn_firmware epyc_9454p_firmware epyc_7542 epyc_7303p_firmware epyc_8024pn_firmware epyc_9454 epyc_7413_firmware epyc_7h12_firmware epyc_9754_firmware epyc_9534_firmware epyc_9384x_firmware epyc_8024pn epyc_7643_firmware epyc_7f52 epyc_9274f_firmware epyc_75f3 epyc_7373x_firmware epyc_7f32_firmware epyc_7f72_firmware epyc_7662_firmware epyc_7502 epyc_75f3_firmware epyc_9184x_firmware epyc_7473x_firmware epyc_7343_firmware epyc_8024p epyc_9754s_firmware epyc_8434p epyc_9634_firmware epyc_8434p_firmware epyc_7643p_firmware epyc_9174f_firmware epyc_7313p epyc_9124_firmware epyc_7573x_firmware epyc_7352 epyc_7303p epyc_7713_firmware epyc_8224pn epyc_7742 epyc_7272 epyc_9254 epyc_7203p_firmware epyc_7713 epyc_9474f_firmware epyc_7443p_firmware epyc_7773x epyc_8124p epyc_8324pn_firmware epyc_9634 epyc_9554p_firmware epyc_8324p_firmware epyc_7742_firmware epyc_8024p_firmware epyc_8124p_firmware epyc_7663p epyc_7443_firmware epyc_7402p epyc_7343 epyc_7252_firmware epyc_7543_firmware epyc_7542_firmware epyc_7763_firmware epyc_9274f epyc_8534p_firmware epyc_9734 epyc_9454p epyc_9734_firmware epyc_8124pn epyc_7313p_firmware epyc_7252 epyc_7502p epyc_7302p_firmware epyc_9124 epyc_7663p_firmware epyc_9354 epyc_7642_firmware epyc_7h12 epyc_7452 epyc_7543p_firmware epyc_9374f_firmware epyc_9554_firmware epyc_7302 epyc_8534pn epyc_7232p epyc_7203 epyc_7663 epyc_7552_firmware epyc_7773x_firmware epyc_72f3_firmware epyc_8224p_firmware epyc_7f72 epyc_9174f epyc_7662 epyc_7642 epyc_7473x epyc_8534pn_firmware epyc_9754 epyc_8534p epyc_7532_firmware epyc_7502p_firmware epyc_7413 epyc_9654_firmware epyc_9384x epyc_9554p epyc_9654 epyc_9684x epyc_7313 epyc_7663_firmware epyc_9474f epyc_7303_firmware epyc_9754s epyc_7552 epyc_7302p epyc_7702p_firmware epyc_74f3_firmware epyc_9654p epyc_7302_firmware epyc_7763 epyc_9454_firmware epyc_9374f epyc_7402_firmware epyc_7713p_firmware epyc_73f3_firmware epyc_7702p epyc_9654p_firmware epyc_7f52_firmware epyc_7262 epyc_9334 epyc_7203p epyc_8434pn_firmware epyc_8324p epyc_72f3 epyc_7643 epyc_9354_firmware epyc_7452_firmware epyc_7402p_firmware epyc_9354p_firmware epyc_8434pn epyc_9224_firmware epyc_7313_firmware epyc_7543p epyc_8224pn_firmware epyc_7443p epyc_8324pn epyc_9184x epyc_7453_firmware epyc_7282 epyc_9224 epyc_7303 epyc_7702_firmware epyc_7352_firmware epyc_74f3 epyc_7532 epyc_9554 epyc_73f3 4th Gen AMD EPYC™ Processors AMD EPYC™ Embedded 7003 3rd Gen AMD EPYC™ Processors 2nd Gen AMD EPYC™ Processors AMD EPYC™ Embedded 7002

CWE ID-CWE-125

Out-of-bounds Read

CVE-2023-20509

Matching Score-6

Matching Score-6

CVSS Score-5.2||MEDIUM

EPSS-0.03% / 5.92%

7 Day CHG~0.00%

Published-13 Aug, 2024 | 16:52

Updated-04 Nov, 2024 | 18:35

An insufficient DRAM address validation in PMFW may allow a privileged attacker to perform a DMA read from an invalid DRAM address to SRAM, potentially resulting in loss of data integrity.

Product-AMD Radeon™ RX 7000 Series Graphics Cards AMD Radeon™ PRO W6000 Series Graphics Cards AMD Radeon™ PRO W7000 Series Graphics Cards AMD Radeon™ RX 6000 Series Graphics Cards

CWE ID-CWE-125

Out-of-bounds Read

CVE-2021-46765

Matching Score-6

Matching Score-6

CVSS Score-7.5||HIGH

EPSS-0.11% / 30.85%

7 Day CHG~0.00%

Published-09 May, 2023 | 19:01

Updated-27 Jan, 2025 | 18:15

Insufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-bounds memory reads within the ASP, potentially leading to a denial of service.

Product-ryzen_6980hx ryzen_5500_firmware ryzen_3800x ryzen_3900x ryzen_3900 ryzen_5600g ryzen_3500x_firmware ryzen_5600 ryzen_5700x ryzen_5800x3d_firmware ryzen_3500_firmware ryzen_3900_firmware ryzen_6980hs ryzen_5975wx_firmware ryzen_5965wx ryzen_5900x_firmware ryzen_6800u_firmware ryzen_5900x ryzen_3500x ryzen_5800 ryzen_3600 ryzen_6800hs ryzen_3900xt_firmware ryzen_6600u ryzen_5800x_firmware ryzen_3500 ryzen_5500 ryzen_5600ge ryzen_6800hs_firmware ryzen_5955wx ryzen_5900 ryzen_6800u ryzen_6900hx ryzen_5800_firmware ryzen_3600x ryzen_5950x ryzen_5600g_firmware ryzen_6900hs ryzen_3300x ryzen_3950x_firmware ryzen_3800x_firmware ryzen_5955wx_firmware ryzen_3900xt ryzen_6800h_firmware ryzen_5600ge_firmware ryzen_5945wx_firmware ryzen_5700ge ryzen_3600xt ryzen_5800x ryzen_3600x_firmware ryzen_5995wx_firmware ryzen_3900x_firmware ryzen_6900hs_firmware ryzen_5700g ryzen_6900hx_firmware ryzen_6600h ryzen_5600x ryzen_5700ge_firmware ryzen_5300g_firmware ryzen_5700x_firmware ryzen_5965wx_firmware ryzen_5300ge_firmware ryzen_5600_firmware ryzen_3950x ryzen_5300ge ryzen_5600x_firmware ryzen_6980hx_firmware ryzen_3800xt ryzen_6980hs_firmware ryzen_5950x_firmware ryzen_3800xt_firmware ryzen_6600hs_firmware ryzen_6600u_firmware ryzen_5995wx ryzen_3100_firmware ryzen_3300x_firmware ryzen_6800h ryzen_3600xt_firmware ryzen_5300g ryzen_5700g_firmware ryzen_5945wx ryzen_3600_firmware ryzen_3100 ryzen_5800x3d ryzen_6600h_firmware ryzen_5975wx ryzen_5900_firmware ryzen_6600hs Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir” Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics “Cezanne” AM4 Ryzen™ 6000 Series Mobile Processors "Rembrandt"Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics “Cezanne”Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”

CWE ID-CWE-125

Out-of-bounds Read

CVE-2021-46772

Matching Score-6

Matching Score-6

CVSS Score-3.9||LOW

EPSS-0.04% / 9.60%

7 Day CHG~0.00%

Published-13 Aug, 2024 | 16:50

Updated-05 Nov, 2024 | 22:35

Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in memory corruption or denial of service.

CWE ID-CWE-787

Out-of-bounds Write

CWE ID-CWE-125

Out-of-bounds Read

CVE-2021-46794

Matching Score-6

Matching Score-6

CVSS Score-7.5||HIGH

EPSS-0.16% / 36.98%

7 Day CHG~0.00%

Published-09 May, 2023 | 19:01

Updated-28 Jan, 2025 | 16:15

Product-ryzen_2600x athlon_gold_3150ge ryzen_3600x_firmware ryzen_3800x ryzen_1200_\(af\)_firmware ryzen_3300x ryzen_5300ge ryzen_3600 ryzen_5995wx ryzen_2920x_firmware ryzen_5600 ryzen_5955wx ryzen_5800x_firmware ryzen_2700e ryzen_2600_firmware ryzen_5500_firmware ryzen_5900 ryzen_3600x ryzen_2920x ryzen_pro_2100ge_firmware ryzen_2970wx_firmware ryzen_3800x_firmware ryzen_3600xt_firmware ryzen_5700x ryzen_5600x ryzen_2300x_firmware ryzen_5300g_firmware ryzen_5700ge ryzen_2600e_firmware ryzen_2950x ryzen_3900xt_firmware ryzen_2600 ryzen_3600_firmware ryzen_2500x ryzen_5600x_firmware ryzen_3900xt ryzen_5945wx_firmware ryzen_2990wx_firmware athlon_gold_3150g_firmware ryzen_5800_firmware ryzen_2990wx ryzen_3100_firmware ryzen_3500_firmware ryzen_2500x_firmware ryzen_5300g ryzen_2200ge ryzen_2200ge_firmware ryzen_3900 ryzen_5975wx ryzen_2200g ryzen_2950x_firmware ryzen_2600e ryzen_2700_firmware ryzen_5800 ryzen_3800xt_firmware ryzen_5800x ryzen_5800x3d_firmware ryzen_3300x_firmware athlon_silver_3050ge ryzen_2970wx athlon_silver_3050ge_firmware ryzen_3800xt ryzen_5500 ryzen_2700x_firmware ryzen_3900x ryzen_2600x_firmware ryzen_5955wx_firmware ryzen_3500 ryzen_5300ge_firmware ryzen_2400ge_firmware ryzen_3950x ryzen_5995wx_firmware ryzen_5950x_firmware athlon_gold_3150g ryzen_1200_\(af\)ryzen_5700g_firmware ryzen_5900_firmware ryzen_3600xt ryzen_5600ge_firmware ryzen_5600g ryzen_5950x ryzen_2400g ryzen_pro_2100ge ryzen_5600_firmware ryzen_2700x ryzen_5965wx_firmware ryzen_5600g_firmware ryzen_2400ge ryzen_5945wx ryzen_5965wx ryzen_5700g ryzen_5600ge ryzen_3900_firmware ryzen_2700 ryzen_2200g_firmware ryzen_5900x ryzen_3950x_firmware ryzen_5700ge_firmware ryzen_3100 ryzen_1600_\(af\)ryzen_2300x ryzen_1600_\(af\)_firmware ryzen_3500x ryzen_3500x_firmware ryzen_2400g_firmware ryzen_5900x_firmware ryzen_5700x_firmware ryzen_5975wx_firmware ryzen_5800x3d ryzen_3900x_firmware ryzen_2700e_firmware athlon_gold_3150ge_firmware Ryzen™ 3000 Series Desktop Processors “Matisse” AM4 Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS Ryzen™ 2000 Series Mobile Processors “Raven Ridge” FP5 Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics “Cezanne” AM4 Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULP Ryzen™ 2000 series Desktop Processors “Raven Ridge” AM4 Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir” Ryzen™ Threadripper™ PRO Processors “Chagall” WS Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics “Cezanne”AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4 Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso”

CWE ID-CWE-125

Out-of-bounds Read

CVE-2020-12905

Matching Score-6

Matching Score-6

CVSS Score-5.5||MEDIUM

EPSS-0.06% / 18.83%

7 Day CHG~0.00%

Published-15 Nov, 2021 | 19:40

Updated-17 Sep, 2024 | 00:36

Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004403 may lead to arbitrary information disclosure.

Vendor-Advanced Micro Devices, Inc.Microsoft Corporation

Product-radeon_software windows_10 AMD Radeon Software

CWE ID-CWE-125

Out-of-bounds Read

CVE-2020-12980

Matching Score-6

Matching Score-6

CVSS Score-7.8||HIGH

EPSS-0.05% / 16.38%

7 Day CHG~0.00%

Published-11 Jun, 2021 | 21:49

Updated-17 Sep, 2024 | 03:22

An out of bounds write and read vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.

Vendor-Advanced Micro Devices, Inc.Microsoft Corporation

Product-radeon_software radeon_pro_software windows_10 AMD Radeon Software

CWE ID-CWE-787

Out-of-bounds Write

CWE ID-CWE-125

Out-of-bounds Read

CVE-2021-26365

Matching Score-6

Matching Score-6

CVSS Score-8.2||HIGH

EPSS-0.17% / 39.16%

7 Day CHG~0.00%

Published-09 May, 2023 | 18:58

Updated-28 Jan, 2025 | 16:15

Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory contents.

Product-ryzen_3_2300u_firmware ryzen_7_5700x_firmware ryzen_9_6900hx ryzen_3_3250c_firmware ryzen_5_6600hs ryzen_3_5300g ryzen_7_6800u_firmware ryzen_7_5700u ryzen_5_6600u ryzen_5_5600_firmware ryzen_5_6600hs_firmware amd_3015ce ryzen_5_5600x_firmware ryzen_9_6980hx_firmware ryzen_5_3400g ryzen_7_2700u ryzen_5_6600u_firmware ryzen_7_5800x ryzen_5_pro_3400ge ryzen_5_5600g ryzen_5_pro_3350g_firmware ryzen_7_6800hs ryzen_3_2300u ryzen_7_5700x ryzen_7_5800x3d_firmware ryzen_5_5600x ryzen_3_pro_3200g ryzen_9_6980hs_firmware amd_3015e ryzen_3_5300g_firmware ryzen_3_2200g_firmware ryzen_5_2500u_firmware ryzen_5_pro_3400g_firmware ryzen_5_2600h ryzen_3_pro_3200ge_firmware ryzen_9_6980hx ryzen_3_3200ge ryzen_3_3250u_firmware ryzen_7_2800h ryzen_5_5600ge_firmware ryzen_5_5600 ryzen_5_2400ge_firmware ryzen_5_pro_3350ge_firmware ryzen_5_5500_firmware ryzen_9_6900hs ryzen_7_5700u_firmware ryzen_5_3400g_firmware ryzen_3_5300ge_firmware ryzen_3_2200u_firmware ryzen_9_5900 ryzen_9_5900x_firmware ryzen_5_2400g_firmware ryzen_3_3200u_firmware ryzen_5_6600h_firmware ryzen_5_pro_3350ge ryzen_5_2600h_firmware ryzen_7_5700ge_firmware ryzen_3_2200g ryzen_3_3200ge_firmware ryzen_5_5500u ryzen_7_5800_firmware ryzen_5_pro_3400g ryzen_3_5300u_firmware ryzen_7_5700ge ryzen_5_2500u ryzen_3_3200g_firmware ryzen_7_5800x_firmware ryzen_5_pro_3350g ryzen_7_5800x3d amd_3015e_firmware ryzen_7_2800h_firmware ryzen_9_5900_firmware ryzen_7_5800 ryzen_7_6800u amd_3015ce_firmware ryzen_9_6900hx_firmware ryzen_5_6600h ryzen_3_3250u ryzen_7_6800h_firmware ryzen_3_2200ge ryzen_5_5600ge ryzen_5_5600g_firmware ryzen_5_5500u_firmware ryzen_9_6980hs ryzen_5_pro_3400ge_firmware ryzen_5_2400g ryzen_9_5950x ryzen_3_pro_2100ge_firmware ryzen_9_5900x ryzen_3_3200g ryzen_3_2200ge_firmware ryzen_7_2700u_firmware ryzen_7_6800hs_firmware ryzen_9_5950x_firmware ryzen_5_2400ge ryzen_3_5300u ryzen_3_pro_2100ge ryzen_5_5500 ryzen_9_6900hs_firmware ryzen_7_5700g ryzen_7_6800h ryzen_3_3200u ryzen_3_3250c ryzen_3_pro_3200ge ryzen_3_pro_3200g_firmware ryzen_3_5300ge ryzen_3_2200u ryzen_7_5700g_firmware Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”Ryzen™ 2000 Series Mobile Processors “Raven Ridge” FP5 Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics “Cezanne” AM4 Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULP Ryzen™ 2000 series Desktop Processors “Raven Ridge” AM4 Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir” Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics “Cezanne”Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso”Ryzen™ 6000 Series Mobile Processors "Rembrandt"

CWE ID-CWE-125

Out-of-bounds Read

CVE-2021-47586

Matching Score-4

Assigner-kernel.org

Matching Score-4

Assigner-kernel.org

CVSS Score-5.5||MEDIUM

EPSS-0.01% / 0.78%

7 Day CHG~0.00%

Published-19 Jun, 2024 | 14:53

Updated-04 May, 2025 | 07:14

net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup KASAN reports an out-of-bounds read in rk_gmac_setup on the line: while (ops->regs[i]) { This happens for most platforms since the regs flexible array member is empty, so the memory after the ops structure is being read here. It seems that mostly this happens to contain zero anyway, so we get lucky and everything still works. To avoid adding redundant data to nearly all the ops structures, add a new flag to indicate whether the regs field is valid and avoid this loop when it is not.

Vendor-Linux Kernel Organization, Inc

Product-linux_kernel Linux

CWE ID-CWE-125

Out-of-bounds Read

CVE-2021-47300

Matching Score-4

Assigner-kernel.org

Matching Score-4

Assigner-kernel.org

CVSS Score-5.5||MEDIUM

EPSS-0.10% / 27.58%

7 Day CHG~0.00%

Published-21 May, 2024 | 14:35

Updated-04 May, 2025 | 07:08

bpf: Fix tail_call_reachable rejection for interpreter when jit failed

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix tail_call_reachable rejection for interpreter when jit failed During testing of f263a81451c1 ("bpf: Track subprog poke descriptors correctly and fix use-after-free") under various failure conditions, for example, when jit_subprogs() fails and tries to clean up the program to be run under the interpreter, we ran into the following freeze: [...] #127/8 tailcall_bpf2bpf_3:FAIL [...] [ 92.041251] BUG: KASAN: slab-out-of-bounds in ___bpf_prog_run+0x1b9d/0x2e20 [ 92.042408] Read of size 8 at addr ffff88800da67f68 by task test_progs/682 [ 92.043707] [ 92.044030] CPU: 1 PID: 682 Comm: test_progs Tainted: G O 5.13.0-53301-ge6c08cb33a30-dirty #87 [ 92.045542] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1 04/01/2014 [ 92.046785] Call Trace: [ 92.047171] ? __bpf_prog_run_args64+0xc0/0xc0 [ 92.047773] ? __bpf_prog_run_args32+0x8b/0xb0 [ 92.048389] ? __bpf_prog_run_args64+0xc0/0xc0 [ 92.049019] ? ktime_get+0x117/0x130 [...] // few hundred [similar] lines more [ 92.659025] ? ktime_get+0x117/0x130 [ 92.659845] ? __bpf_prog_run_args64+0xc0/0xc0 [ 92.660738] ? __bpf_prog_run_args32+0x8b/0xb0 [ 92.661528] ? __bpf_prog_run_args64+0xc0/0xc0 [ 92.662378] ? print_usage_bug+0x50/0x50 [ 92.663221] ? print_usage_bug+0x50/0x50 [ 92.664077] ? bpf_ksym_find+0x9c/0xe0 [ 92.664887] ? ktime_get+0x117/0x130 [ 92.665624] ? kernel_text_address+0xf5/0x100 [ 92.666529] ? __kernel_text_address+0xe/0x30 [ 92.667725] ? unwind_get_return_address+0x2f/0x50 [ 92.668854] ? ___bpf_prog_run+0x15d4/0x2e20 [ 92.670185] ? ktime_get+0x117/0x130 [ 92.671130] ? __bpf_prog_run_args64+0xc0/0xc0 [ 92.672020] ? __bpf_prog_run_args32+0x8b/0xb0 [ 92.672860] ? __bpf_prog_run_args64+0xc0/0xc0 [ 92.675159] ? ktime_get+0x117/0x130 [ 92.677074] ? lock_is_held_type+0xd5/0x130 [ 92.678662] ? ___bpf_prog_run+0x15d4/0x2e20 [ 92.680046] ? ktime_get+0x117/0x130 [ 92.681285] ? __bpf_prog_run32+0x6b/0x90 [ 92.682601] ? __bpf_prog_run64+0x90/0x90 [ 92.683636] ? lock_downgrade+0x370/0x370 [ 92.684647] ? mark_held_locks+0x44/0x90 [ 92.685652] ? ktime_get+0x117/0x130 [ 92.686752] ? lockdep_hardirqs_on+0x79/0x100 [ 92.688004] ? ktime_get+0x117/0x130 [ 92.688573] ? __cant_migrate+0x2b/0x80 [ 92.689192] ? bpf_test_run+0x2f4/0x510 [ 92.689869] ? bpf_test_timer_continue+0x1c0/0x1c0 [ 92.690856] ? rcu_read_lock_bh_held+0x90/0x90 [ 92.691506] ? __kasan_slab_alloc+0x61/0x80 [ 92.692128] ? eth_type_trans+0x128/0x240 [ 92.692737] ? __build_skb+0x46/0x50 [ 92.693252] ? bpf_prog_test_run_skb+0x65e/0xc50 [ 92.693954] ? bpf_prog_test_run_raw_tp+0x2d0/0x2d0 [ 92.694639] ? __fget_light+0xa1/0x100 [ 92.695162] ? bpf_prog_inc+0x23/0x30 [ 92.695685] ? __sys_bpf+0xb40/0x2c80 [ 92.696324] ? bpf_link_get_from_fd+0x90/0x90 [ 92.697150] ? mark_held_locks+0x24/0x90 [ 92.698007] ? lockdep_hardirqs_on_prepare+0x124/0x220 [ 92.699045] ? finish_task_switch+0xe6/0x370 [ 92.700072] ? lockdep_hardirqs_on+0x79/0x100 [ 92.701233] ? finish_task_switch+0x11d/0x370 [ 92.702264] ? __switch_to+0x2c0/0x740 [ 92.703148] ? mark_held_locks+0x24/0x90 [ 92.704155] ? __x64_sys_bpf+0x45/0x50 [ 92.705146] ? do_syscall_64+0x35/0x80 [ 92.706953] ? entry_SYSCALL_64_after_hwframe+0x44/0xae [...] Turns out that the program rejection from e411901c0b77 ("bpf: allow for tailcalls in BPF subprograms for x64 JIT") is buggy since env->prog->aux->tail_call_reachable is never true. Commit ebf7d1f508a7 ("bpf, x64: rework pro/epilogue and tailcall handling in JIT") added a tracker into check_max_stack_depth() which propagates the tail_call_reachable condition throughout the subprograms. This info is then assigned to the subprogram's ---truncated---

Vendor-Linux Kernel Organization, Inc

Product-linux_kernel Linux

CWE ID-CWE-125

Out-of-bounds Read

CVE-2017-7718

Matching Score-4

Assigner-MITRE Corporation

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-5.5||MEDIUM

EPSS-0.13% / 32.81%

7 Day CHG~0.00%

Published-20 Apr, 2017 | 17:00

Updated-20 Apr, 2025 | 01:37

hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions.

Vendor-n/a QEMU Debian GNU/Linux

Product-debian_linux qemu n/a

CWE ID-CWE-125

Out-of-bounds Read

CVE-2024-50612

Matching Score-4

Assigner-MITRE Corporation

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-5.3||MEDIUM

EPSS-0.04% / 11.91%

7 Day CHG~0.00%

Published-27 Oct, 2024 | 00:00

Updated-05 Nov, 2024 | 16:14

libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read.

Vendor-libsndfile_project n/a libsndfile_project

Product-libsndfile n/a libsndfile

CWE ID-CWE-125

Out-of-bounds Read

CVE-2019-5255

Matching Score-4

Assigner-Huawei Technologies