Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-23813

Summary
Assigner-AMD
Assigner Org ID-b58fc414-a1e4-4f92-9d70-1add41838648
Published At-10 Jan, 2023 | 20:56
Updated At-09 Apr, 2025 | 14:44
Rejected At-
Credits

The software interfaces to ASP and SMU may not enforce the SNP memory security policy resulting in a potential loss of integrity of guest memory in a confidential compute environment.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:AMD
Assigner Org ID:b58fc414-a1e4-4f92-9d70-1add41838648
Published At:10 Jan, 2023 | 20:56
Updated At:09 Apr, 2025 | 14:44
Rejected At:
▼CVE Numbering Authority (CNA)

The software interfaces to ASP and SMU may not enforce the SNP memory security policy resulting in a potential loss of integrity of guest memory in a confidential compute environment.

Affected Products
Vendor
Advanced Micro Devices, Inc. AMD
Product
2nd Gen EPYC
Package Name
AGESA
Platforms
  • x86
Default Status
unaffected
Versions
Affected
  • various
Vendor
Advanced Micro Devices, Inc.AMD
Product
3rd Gen EPYC
Package Name
AGESA
Platforms
  • x86
Default Status
unaffected
Versions
Affected
  • various
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032
vendor-advisory
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032
vendor-advisory
x_transferred
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032
Resource:
vendor-advisory
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-119CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Type: CWE
CWE ID: CWE-119
Description: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@amd.com
Published At:11 Jan, 2023 | 08:15
Updated At:07 Nov, 2023 | 03:44

The software interfaces to ASP and SMU may not enforce the SNP memory security policy resulting in a potential loss of integrity of guest memory in a confidential compute environment.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CPE Matches
Advanced Micro Devices, Inc.
amd
>>milanpi-sp3>>-
cpe:2.3:h:amd:milanpi-sp3:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>milanpi-sp3_firmware>>Versions before 1.0.0.9(exclusive)
cpe:2.3:o:amd:milanpi-sp3_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>romepi>>-
cpe:2.3:h:amd:romepi:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>romepi_firmware>>Versions before 1.0.0.e(exclusive)
cpe:2.3:o:amd:romepi_firmware:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032psirt@amd.com
Vendor Advisory
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032
Source: psirt@amd.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

18Records found
CVE-2022-23830
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-1.9||LOW
EPSS-0.07% / 22.45%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 18:53
Updated-03 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_9254_firmwareepyc_9354pepyc_7713pepyc_7573xepyc_7443epyc_9684x_firmwareepyc_7643pepyc_7513epyc_9534epyc_7203_firmwareepyc_7453epyc_7373xepyc_8224pepyc_7513_firmwareepyc_9334_firmwareepyc_8124pn_firmwareepyc_9454p_firmwareepyc_9454epyc_8024pn_firmwareepyc_7303p_firmwareepyc_9534_firmwareepyc_7413_firmwareepyc_9754_firmwareepyc_9384x_firmwareepyc_8024pnepyc_7643_firmwareepyc_9274f_firmwareepyc_75f3epyc_7373x_firmwareepyc_75f3_firmwareepyc_9184x_firmwareepyc_7473x_firmwareepyc_7343_firmwareepyc_8024pepyc_9754s_firmwareepyc_8434pepyc_9634_firmwareepyc_8434p_firmwareepyc_7643p_firmwareepyc_9174f_firmwareepyc_7313pepyc_9124_firmwareepyc_7573x_firmwareepyc_7303pepyc_8224pnepyc_7713_firmwareepyc_9254epyc_7203p_firmwareepyc_7713epyc_9474f_firmwareepyc_7443p_firmwareepyc_7773xepyc_8124pepyc_8324pn_firmwareepyc_9634epyc_9554p_firmwareepyc_8324p_firmwareepyc_8024p_firmwareepyc_8124p_firmwareepyc_7663pepyc_7443_firmwareepyc_7343epyc_7543_firmwareepyc_7763_firmwareepyc_9274fepyc_9734epyc_8534p_firmwareepyc_9454pepyc_9734_firmwareepyc_8124pnepyc_7313p_firmwareepyc_9124epyc_7663p_firmwareepyc_9354epyc_7543p_firmwareepyc_9374f_firmwareepyc_9554_firmwareepyc_8534pnepyc_7663epyc_7203epyc_7773x_firmwareepyc_72f3_firmwareepyc_8224p_firmwareepyc_9174fepyc_7473xepyc_8534pn_firmwareepyc_9754epyc_8534pepyc_7413epyc_9654_firmwareepyc_9384xepyc_9554pepyc_9654epyc_9684xepyc_7313epyc_7663_firmwareepyc_9474fepyc_7303_firmwareepyc_9754sepyc_9654pepyc_74f3_firmwareepyc_7763epyc_9454_firmwareepyc_9374fepyc_7713p_firmwareepyc_73f3_firmwareepyc_9654p_firmwareepyc_9334epyc_7203pepyc_8434pn_firmwareepyc_8324pepyc_72f3epyc_7643epyc_9354_firmwareepyc_9354p_firmwareepyc_8434pnepyc_9224_firmwareepyc_8224pn_firmwareepyc_7543pepyc_7313_firmwareepyc_7443pepyc_8324pnepyc_9184xepyc_7453_firmwareepyc_9224epyc_7303epyc_74f3epyc_9554epyc_73f3AMD EPYC™ Embedded 70033rd Gen AMD EPYC™ Processors4th Gen AMD EPY™ Processors
CVE-2022-23814
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.00%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 20:56
Updated-09 Apr, 2025 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Failure to validate addresses provided by software to BIOS commands may result in a potential loss of integrity of guest memory in a confidential compute environment.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-milanpi-sp3_firmwaremilanpi-sp33rd Gen EPYC
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20529
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.41%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 20:57
Updated-07 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7702_firmwareepyc_7343_firmwareepyc_7453epyc_7702p_firmwareepyc_7413_firmwareepyc_7f52epyc_7302epyc_7232p_firmwareepyc_7302_firmwareepyc_7443epyc_7542epyc_7763_firmwareepyc_7513epyc_7373x_firmwareepyc_7352epyc_7573x_firmwareepyc_7f32epyc_7302p_firmwareepyc_7742epyc_7252epyc_7542_firmwareepyc_7262epyc_7773x_firmwareepyc_72f3_firmwareepyc_7443p_firmwareepyc_7402epyc_7702pepyc_7443pepyc_7h12_firmwareepyc_75f3epyc_7443_firmwareepyc_7642_firmwareepyc_7f32_firmwareepyc_7552_firmwareepyc_7313pepyc_7402pepyc_7543pepyc_7f72_firmwareepyc_7642epyc_7532epyc_7502p_firmwareepyc_7573xepyc_7272_firmwareepyc_7663_firmwareepyc_7763epyc_7413epyc_7643epyc_7502epyc_7h12epyc_7f72epyc_7743_firmwareepyc_7643_firmwareepyc_72f3epyc_7262_firmwareepyc_7352_firmwareepyc_74f3_firmwareepyc_7532_firmwareepyc_7502_firmwareepyc_7543_firmwareepyc_7402p_firmwareepyc_7373xepyc_7232pepyc_7282_firmwareepyc_7743epyc_7452epyc_7452_firmwareepyc_7302pepyc_73f3_firmwareepyc_7702epyc_7543p_firmwareepyc_7663epyc_7773xepyc_7543epyc_7f52_firmwareepyc_7313p_firmwareepyc_7662_firmwareepyc_7252_firmwareepyc_7002_firmwareepyc_7313epyc_7003epyc_7003_firmwareepyc_7002epyc_7313_firmwareepyc_7402_firmwareepyc_74f3epyc_75f3_firmwareepyc_7343epyc_7272epyc_7662epyc_7713p_firmwareepyc_7713pepyc_73f3epyc_7713_firmwareepyc_7453_firmwareepyc_7552epyc_7502pepyc_7713epyc_7742_firmwareepyc_7282epyc_7513_firmware3rd Gen EPYC2nd Gen EPYC
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-26352
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 32.62%
||
7 Day CHG-0.01%
Published-10 May, 2022 | 18:26
Updated-16 Sep, 2024 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_9_5900xryzen_5_2700x_firmwareryzen_7_5700gryzen_3_5300g_firmwareryzen_threadripper_2920xryzen_9_3900x_firmwareryzen_5_2600ryzen_threadripper_pro_5965wx_firmwareryzen_threadripper_pro_5945wx_firmwareryzen_7_3700xryzen_5_5600gryzen_threadripper_2950x_firmwareryzen_9_3900xryzen_9_5900x_firmwareryzen_threadripper_pro_5975wxryzen_threadripper_pro_5955wx_firmwareryzen_5_5600xryzen_9_5950x_firmwareryzen_threadripper_pro_5995wxryzen_threadripper_2970wxryzen_5_5600geryzen_3_5300geryzen_7_5800x_firmwareryzen_5_2600xryzen_3_5300ge_firmwareryzen_7_5800xryzen_threadripper_pro_5965wxryzen_5_3600x_firmwareryzen_threadripper_2920x_firmwareryzen_7_5700geryzen_5_2700ryzen_5_5600g_firmwareryzen_7_3800x_firmwareryzen_5_2600x_firmwareryzen_5_2700_firmwareryzen_7_3700x_firmwareryzen_5_5600x_firmwareryzen_3_5300gryzen_threadripper_2950xryzen_5_5600ge_firmwareryzen_9_3950xryzen_threadripper_2990wxryzen_threadripper_3970xryzen_threadripper_pro_5945wxryzen_5_3600xryzen_5_2700xryzen_threadripper_pro_5955wxryzen_5_2600_firmwareryzen_7_5700g_firmwareryzen_threadripper_pro_5975wx_firmwareryzen_threadripper_2970wx_firmwareryzen_5_3600ryzen_threadripper_3970x_firmwareryzen_9_3950x_firmwareryzen_7_3800xryzen_threadripper_pro_5995wx_firmwareryzen_7_5700ge_firmwareryzen_9_5950xryzen_5_3600_firmwareryzen_threadripper_2990wx_firmwareAthlon™ SeriesRyzen™ Series
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-26369
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.31%
||
7 Day CHG-0.01%
Published-12 May, 2022 | 17:07
Updated-16 Sep, 2024 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-athlon_3150geryzen_3_3300x_firmwareryzen_5_5600hathlon_3150g_firmwareryzen_3_3100_firmwareryzen_threadripper_2950x_firmwareryzen_3_5425cryzen_9_3900xryzen_3_3300g_firmwareryzen_3_5425u_firmwareryzen_5_3450gathlon_3050geryzen_5_5600uryzen_5_2500uryzen_9_5980hxryzen_3_2300u_firmwareryzen_7_5800hsryzen_5_5600xryzen_9_5900hx_firmwareryzen_5_5600hsryzen_threadripper_2970wxryzen_3_2300uryzen_7_5825uryzen_5_2600xryzen_7_5825u_firmwareryzen_7_2700u_firmwareryzen_5_5700geryzen_5_3600x_firmwareryzen_5_5625uryzen_threadripper_2920x_firmwareryzen_5_3400gryzen_3_5125cryzen_7_3800x_firmwareryzen_7_2800h_firmwareryzen_threadripper_2950xryzen_5_5700gryzen_9_5900hs_firmwareryzen_5_5600u_firmwareryzen_5_3600xryzen_5_2500u_firmwareryzen_3_3100ryzen_threadripper_2970wx_firmwareryzen_9_3950x_firmwareryzen_3_2200u_firmwareryzen_9_5900hsryzen_3_2200uryzen_7_2700xryzen_5_5700g_firmwareryzen_9_5980hsryzen_threadripper_2920xryzen_3_5125c_firmwareryzen_7_5800u_firmwareryzen_9_3900x_firmwareryzen_7_5825c_firmwareryzen_5_2600ryzen_7_2700ryzen_7_2700x_firmwareryzen_7_5800h_firmwareryzen_3_3300xryzen_7_3700xryzen_5_5625c_firmwareryzen_3_5425uryzen_5_2600hryzen_5_5625cryzen_5_5700ge_firmwareryzen_9_5980hx_firmwareryzen_7_2700uryzen_3_5400uryzen_5_3450g_firmwareradeon_softwareryzen_7_5825cryzen_5_2600h_firmwareryzen_7_5800uryzen_7_2800hathlon_3150gryzen_9_5900hxryzen_5_2600x_firmwareryzen_5_5600x_firmwareryzen_7_3700x_firmwareryzen_9_5980hs_firmwareryzen_9_3950xryzen_threadripper_2990wxryzen_5_5600hs_firmwareryzen_5_3400g_firmwareryzen_7_2700_firmwareryzen_3_5425c_firmwareathlon_3150ge_firmwareryzen_5_5600h_firmwareryzen_3_3300gryzen_7_5800hryzen_3_5400u_firmwareryzen_5_2600_firmwareryzen_5_3600ryzen_7_5800hs_firmwareryzen_7_3800xryzen_5_5625u_firmwareathlon_3050ge_firmwareryzen_5_3600_firmwareryzen_threadripper_2990wx_firmwareAthlon™ SeriesRyzen™ Series
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-31355
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-6||MEDIUM
EPSS-0.93% / 75.20%
||
7 Day CHG~0.00%
Published-05 Aug, 2024 | 16:04
Updated-26 Nov, 2024 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_embedded_9454pepyc_7543epyc_9254_firmwareepyc_9354pepyc_embedded_9454p_firmwareepyc_7573xepyc_7713pepyc_7443epyc_7513epyc_7643pepyc_9684x_firmwareepyc_embedded_9654_firmwareepyc_9534epyc_7203_firmwareepyc_embedded_7713_firmwareepyc_embedded_9554_firmwareepyc_7453epyc_embedded_7413epyc_7373xepyc_8224pepyc_7513_firmwareepyc_9334_firmwareepyc_8124pn_firmwareepyc_9454p_firmwareepyc_9454epyc_7303p_firmwareepyc_8024pn_firmwareepyc_7413_firmwareepyc_9534_firmwareepyc_9754_firmwareepyc_embedded_9454epyc_9384x_firmwareepyc_8024pnepyc_7643_firmwareepyc_9274f_firmwareepyc_75f3epyc_7373x_firmwareepyc_embedded_9554pepyc_embedded_9554epyc_75f3_firmwareepyc_9184x_firmwareepyc_7473x_firmwareepyc_7343_firmwareepyc_8024pepyc_9754s_firmwareepyc_8434pepyc_9634_firmwareepyc_embedded_7543epyc_8434p_firmwareepyc_7643p_firmwareepyc_9174f_firmwareepyc_7313pepyc_9124_firmwareepyc_embedded_7313_firmwareepyc_7573x_firmwareepyc_7303pepyc_7713_firmwareepyc_8224pnepyc_embedded_7643epyc_embedded_9254epyc_9254epyc_embedded_7643_firmwareepyc_7203p_firmwareepyc_7713epyc_9474f_firmwareepyc_7443p_firmwareepyc_7773xepyc_embedded_9254_firmwareepyc_embedded_7313p_firmwareepyc_8124pepyc_8324pn_firmwareepyc_9634epyc_9554p_firmwareepyc_embedded_7713epyc_8324p_firmwareepyc_8024p_firmwareepyc_embedded_7543_firmwareepyc_8124p_firmwareepyc_7663pepyc_embedded_7313epyc_7443_firmwareepyc_7343epyc_7543_firmwareepyc_7763_firmwareepyc_embedded_9354p_firmwareepyc_9274fepyc_embedded_7313pepyc_8534p_firmwareepyc_9734epyc_9454pepyc_embedded_9654p_firmwareepyc_9734_firmwareepyc_8124pnepyc_7313p_firmwareepyc_embedded_9654epyc_embedded_7543p_firmwareepyc_9124epyc_7663p_firmwareepyc_9354epyc_embedded_9534_firmwareepyc_7543p_firmwareepyc_9374f_firmwareepyc_embedded_7713pepyc_9554_firmwareepyc_8534pnepyc_embedded_9454_firmwareepyc_embedded_7443epyc_7203epyc_7663epyc_7773x_firmwareepyc_embedded_9654pepyc_72f3_firmwareepyc_8224p_firmwareepyc_9174fepyc_7473xepyc_8534pn_firmwareepyc_embedded_9354pepyc_9754epyc_8534pepyc_embedded_7443pepyc_7413epyc_embedded_9124epyc_9654_firmwareepyc_9384xepyc_9554pepyc_9654epyc_9684xepyc_7313epyc_7663_firmwareepyc_embedded_7443_firmwareepyc_9474fepyc_7303_firmwareepyc_9754sepyc_embedded_7443p_firmwareepyc_74f3_firmwareepyc_9654pepyc_7763epyc_9454_firmwareepyc_embedded_9554p_firmwareepyc_9374fepyc_7713p_firmwareepyc_embedded_9124_firmwareepyc_73f3_firmwareepyc_9654p_firmwareepyc_embedded_7413_firmwareepyc_9334epyc_embedded_7713p_firmwareepyc_7203pepyc_8434pn_firmwareepyc_8324pepyc_72f3epyc_7643epyc_embedded_9354_firmwareepyc_9354_firmwareepyc_embedded_7543pepyc_9354p_firmwareepyc_8434pnepyc_9224_firmwareepyc_7313_firmwareepyc_7543pepyc_8224pn_firmwareepyc_7443pepyc_8324pnepyc_9184xepyc_7453_firmwareepyc_embedded_9354epyc_9224epyc_7303epyc_74f3epyc_embedded_9534epyc_9554epyc_73f3AMD EPYC™ Embedded 7003AMD EPYC™ Embedded 90033rd Gen AMD EPYC™ Processors4th Gen AMD EPYC™ Processors
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20531
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.41%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 20:57
Updated-07 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7702_firmwareepyc_7343_firmwareepyc_7453epyc_7702p_firmwareepyc_7413_firmwareepyc_7f52epyc_7302epyc_7232p_firmwareepyc_7302_firmwareepyc_7443epyc_7542epyc_7763_firmwareepyc_7513epyc_7373x_firmwareepyc_7352epyc_7573x_firmwareepyc_7f32epyc_7302p_firmwareepyc_7742epyc_7252epyc_7542_firmwareepyc_7262epyc_7773x_firmwareepyc_72f3_firmwareepyc_7443p_firmwareepyc_7402epyc_7702pepyc_7443pepyc_7h12_firmwareepyc_75f3epyc_7443_firmwareepyc_7642_firmwareepyc_7f32_firmwareepyc_7552_firmwareepyc_7313pepyc_7402pepyc_7543pepyc_7f72_firmwareepyc_7642epyc_7532epyc_7502p_firmwareepyc_7573xepyc_7272_firmwareepyc_7663_firmwareepyc_7763epyc_7413epyc_7643epyc_7502epyc_7h12epyc_7f72epyc_7743_firmwareepyc_7643_firmwareepyc_72f3epyc_7262_firmwareepyc_7352_firmwareepyc_74f3_firmwareepyc_7532_firmwareepyc_7502_firmwareepyc_7543_firmwareepyc_7402p_firmwareepyc_7373xepyc_7232pepyc_7282_firmwareepyc_7743epyc_7452epyc_7452_firmwareepyc_7302pepyc_73f3_firmwareepyc_7702epyc_7543p_firmwareepyc_7663epyc_7773xepyc_7543epyc_7f52_firmwareepyc_7313p_firmwareepyc_7662_firmwareepyc_7252_firmwareepyc_7002_firmwareepyc_7313epyc_7003epyc_7003_firmwareepyc_7002epyc_7313_firmwareepyc_7402_firmwareepyc_74f3epyc_75f3_firmwareepyc_7343epyc_7272epyc_7662epyc_7713p_firmwareepyc_7713pepyc_73f3epyc_7713_firmwareepyc_7453_firmwareepyc_7552epyc_7502pepyc_7713epyc_7742_firmwareepyc_7282epyc_7513_firmware3rd Gen EPYC2nd Gen EPYC
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-21980
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.9||HIGH
EPSS-0.93% / 75.20%
||
7 Day CHG~0.00%
Published-05 Aug, 2024 | 16:06
Updated-26 Nov, 2024 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_embedded_9454pepyc_7543epyc_9254_firmwareepyc_9354pepyc_embedded_9454p_firmwareepyc_7573xepyc_7713pepyc_7443epyc_7513epyc_7643pepyc_9684x_firmwareepyc_embedded_9654_firmwareepyc_9534epyc_7203_firmwareepyc_embedded_7713_firmwareepyc_embedded_9554_firmwareepyc_7453epyc_embedded_7413epyc_7373xepyc_8224pepyc_7513_firmwareepyc_9334_firmwareepyc_8124pn_firmwareepyc_9454p_firmwareepyc_9454epyc_7303p_firmwareepyc_8024pn_firmwareepyc_7413_firmwareepyc_9534_firmwareepyc_9754_firmwareepyc_embedded_9454epyc_9384x_firmwareepyc_8024pnepyc_7643_firmwareepyc_9274f_firmwareepyc_75f3epyc_7373x_firmwareepyc_embedded_9554pepyc_embedded_9554epyc_75f3_firmwareepyc_9184x_firmwareepyc_7473x_firmwareepyc_7343_firmwareepyc_8024pepyc_9754s_firmwareepyc_8434pepyc_9634_firmwareepyc_embedded_7543epyc_8434p_firmwareepyc_7643p_firmwareepyc_9174f_firmwareepyc_7313pepyc_9124_firmwareepyc_embedded_7313_firmwareepyc_7573x_firmwareepyc_7303pepyc_7713_firmwareepyc_8224pnepyc_embedded_7643epyc_embedded_9254epyc_9254epyc_embedded_7643_firmwareepyc_7203p_firmwareepyc_7713epyc_9474f_firmwareepyc_7443p_firmwareepyc_7773xepyc_embedded_9254_firmwareepyc_embedded_7313p_firmwareepyc_8124pepyc_8324pn_firmwareepyc_9634epyc_9554p_firmwareepyc_embedded_7713epyc_8324p_firmwareepyc_8024p_firmwareepyc_embedded_7543_firmwareepyc_8124p_firmwareepyc_7663pepyc_embedded_7313epyc_7443_firmwareepyc_7343epyc_7543_firmwareepyc_7763_firmwareepyc_embedded_9354p_firmwareepyc_9274fepyc_embedded_7313pepyc_8534p_firmwareepyc_9734epyc_9454pepyc_embedded_9654p_firmwareepyc_9734_firmwareepyc_8124pnepyc_7313p_firmwareepyc_embedded_9654epyc_embedded_7543p_firmwareepyc_9124epyc_7663p_firmwareepyc_9354epyc_embedded_9534_firmwareepyc_7543p_firmwareepyc_9374f_firmwareepyc_embedded_7713pepyc_9554_firmwareepyc_8534pnepyc_embedded_9454_firmwareepyc_embedded_7443epyc_7203epyc_7663epyc_7773x_firmwareepyc_embedded_9654pepyc_72f3_firmwareepyc_8224p_firmwareepyc_9174fepyc_7473xepyc_8534pn_firmwareepyc_embedded_9354pepyc_9754epyc_8534pepyc_embedded_7443pepyc_7413epyc_embedded_9124epyc_9654_firmwareepyc_9384xepyc_9554pepyc_9654epyc_9684xepyc_7313epyc_7663_firmwareepyc_embedded_7443_firmwareepyc_9474fepyc_7303_firmwareepyc_9754sepyc_embedded_7443p_firmwareepyc_74f3_firmwareepyc_9654pepyc_7763epyc_9454_firmwareepyc_embedded_9554p_firmwareepyc_9374fepyc_7713p_firmwareepyc_embedded_9124_firmwareepyc_73f3_firmwareepyc_9654p_firmwareepyc_embedded_7413_firmwareepyc_9334epyc_embedded_7713p_firmwareepyc_7203pepyc_8434pn_firmwareepyc_8324pepyc_72f3epyc_7643epyc_embedded_9354_firmwareepyc_9354_firmwareepyc_embedded_7543pepyc_9354p_firmwareepyc_8434pnepyc_9224_firmwareepyc_7313_firmwareepyc_7543pepyc_8224pn_firmwareepyc_7443pepyc_8324pnepyc_9184xepyc_7453_firmwareepyc_embedded_9354epyc_9224epyc_7303epyc_74f3epyc_embedded_9534epyc_9554epyc_73f3AMD EPYC™ Embedded 7003AMD EPYC™ Embedded 90033rd Gen AMD EPYC™ Processors4th Gen AMD EPYC™ Processorsepyc_9754s_firmwareepyc_9003_firmwareepyc_7773x_firmwareepyc_7003_firmware
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-46757
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.16%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 19:23
Updated-07 May, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading to privilege escalation.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_embedded_5900e_firmwareryzen_embedded_v2546ryzen_embedded_v2718_firmwareryzen_embedded_5600e_firmwareryzen_embedded_5950e_firmwareryzen_embedded_v2516ryzen_embedded_5800eryzen_embedded_r2314ryzen_embedded_r2312ryzen_embedded_v2748ryzen_embedded_v2546_firmwareryzen_embedded_5600eryzen_embedded_v2748_firmwareryzen_embedded_r2314_firmwareryzen_embedded_v2516_firmwareryzen_embedded_5800e_firmwareryzen_embedded_5900eryzen_embedded_v2718ryzen_embedded_r2312_firmwareryzen_embedded_5950eAMD Ryzen™ Embedded V2000AMD Ryzen™ Embedded 5000
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-46748
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 28.78%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 18:50
Updated-13 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service.

Action-Not Available
Vendor-Intel CorporationAdvanced Micro Devices, Inc.
Product-radeon_rx_7700sryzen_5_pro_3200geradeon_pro_w6900xryzen_3_5300uradeon_rx_5700mradeon_rx_vega_m_firmwareradeon_pro_w6500mradeon_rx_7900_greradeon_rx_vega_56core_i5-8305gradeon_pro_vega_56_firmwareryzen_5_4600hsradeon_rx_5600ryzen_7_4980uradeon_rx_5300mradeon_rx_7900mryzen_3_3015ceradeon_rx_7900_xtradeon_rx_5500_xtradeon_rx_6600sradeon_rx_6650mnuc_8_enthusiast_nuc8i7hvkvawradeon_rx_6650_xtradeon_pro_w6800xradeon_rx_6700_xtryzen_5_pro_3400gradeon_rx_7600m_xtryzen_5_pro_3350geryzen_5_5600gryzen_5_pro_3400geradeon_pro_w6600radeon_pro_vega_64radeon_rx_6700mryzen_5_4680uryzen_5_5500unuc_8_enthusiast_nuc8i7hvkvaradeon_pro_w7600radeon_rx_6650m_xtradeon_rx_6700radeon_rx_7700_xtradeon_rx_7600sradeon_rx_6550mradeon_rx_5600_xtradeon_rx_6850m_xtradeon_rx_6550sradeon_pro_w5700radeon_rx_6800ryzen_7_4800hryzen_3_3015eradeon_softwareradeon_rx_6600mradeon_rx_5500mradeon_rx_7900_xtxryzen_7_5700gnuc_8_enthusiast_nuc8i7hnkqcradeon_rx_6900_xtradeon_rx_5600mradeon_rx_6950_xtryzen_3_4300geryzen_5_pro_3200gradeon_rx_vega_64_firmwareryzen_7_4700gryzen_3_4300gryzen_9_4900hsradeon_rx_5700_xtradeon_rx_6500mcore_i7-8706gradeon_rx_6800_xtradeon_pro_w6400radeon_rx_6500_xtradeon_rx_5700radeon_rx_6450mradeon_rx_7800_xtryzen_5_4500uradeon_rx_5300radeon_pro_w5500xradeon_pro_w6300mryzen_5_4600uradeon_pro_w6800x_duoradeon_pro_vega_64_firmwareradeon_rx_5500ryzen_7_4700geryzen_9_4900hradeon_rx_6400radeon_rx_6600_xtradeon_pro_vega_56ryzen_7_5700uradeon_rx_6800mradeon_rx_6300mryzen_5_4600geradeon_rx_7600radeon_pro_w6300radeon_pro_w6600xryzen_5_5500hradeon_pro_w7500radeon_rx_vega_56_firmwareradeon_rx_7600mcore_i7-8709gryzen_7_4700uradeon_pro_w6600mryzen_5_5600gecore_i7-8705gryzen_3_4300uradeon_pro_w5500ryzen_3_5300geryzen_5_4500ryzen_3_4100ryzen_7_4800hsradeon_pro_w5700xradeon_pro_w6800ryzen_7_5700geradeon_rx_6600radeon_rx_vega_64ryzen_3_5300gryzen_5_4600gnuc_kit_nuc8i7hnknuc_kit_nuc8i7hvkryzen_5_pro_3350gryzen_5_4600hradeon_pro_w7800radeon_rx_6700sradeon_rx_5300_xtradeon_rx_6800sRadeon™ RX Vega Series Graphics CardsRadeon™ PRO WX Vega Series Graphics CardsRadeon™ RX 5000/6000/7000 Series Graphics CardsRadeon™ PRO W5000/W6000/W7000 Series Graphics Cards
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-46760
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.23% / 45.42%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 19:01
Updated-27 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious or compromised UApp or ABL can send a malformed system call to the bootloader, which may result in an out-of-bounds memory access that may potentially lead to an attacker leaking sensitive information or achieving code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_3975wxryzen_3975wx_firmwareryzen_3955wx_firmwareryzen_3995wxryzen_3955wxryzen_3970x_firmwareryzen_3960xryzen_3945wx_firmwareryzen_3970xryzen_3990xryzen_3960x_firmwareryzen_3995wx_firmwareryzen_3945wxryzen_3990x_firmware3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDTRyzen™ Threadripper™ PRO Processors “Castle Peak” WS
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-31352
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-6||MEDIUM
EPSS-0.02% / 3.85%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 22:44
Updated-12 Feb, 2025 | 15:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A bug in the SEV firmware may allow an attacker with privileges to read unencrypted memory, potentially resulting in loss of guest private data.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-AMD EPYC™ Embedded 9004AMD EPYC™ 9004 Processors
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-26372
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 21.53%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 16:18
Updated-16 Sep, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7502_firmwareepyc_7402epyc_7262_firmwareepyc_7402pepyc_7343epyc_7252_firmwareepyc_7282_firmwareepyc_7542_firmwareepyc_7f32epyc_7763_firmwareepyc_7272_firmwareepyc_7713pepyc_7573xepyc_7513epyc_7313p_firmwareepyc_7252epyc_7502pepyc_7232p_firmwareepyc_7702epyc_7302p_firmwareepyc_7453epyc_7642_firmwareepyc_7452epyc_7373xepyc_7513_firmwareepyc_7543p_firmwareepyc_7542epyc_7302epyc_7413_firmwareepyc_7232pepyc_7643_firmwareepyc_7f52epyc_7663epyc_7552_firmwareepyc_75f3epyc_7773x_firmwareepyc_7373x_firmwareepyc_72f3_firmwareepyc_7f72epyc_7f32_firmwareepyc_7662epyc_7502epyc_7662_firmwareepyc_7f72_firmwareepyc_75f3_firmwareepyc_7642epyc_7473xepyc_7473x_firmwareepyc_7343_firmwareepyc_7532_firmwareepyc_7502p_firmwareepyc_7413epyc_7313pepyc_7663_firmwareepyc_7573x_firmwareepyc_7552epyc_7302pepyc_7702p_firmwareepyc_74f3_firmwareepyc_7352epyc_7302_firmwareepyc_7763epyc_7713_firmwareepyc_7402_firmwareepyc_7742epyc_7713p_firmwareepyc_7272epyc_73f3_firmwareepyc_7702pepyc_7f52_firmwareepyc_7262epyc_7713epyc_7443p_firmwareepyc_7773xepyc_72f3epyc_7643epyc_7402p_firmwareepyc_7452_firmwareepyc_7543pepyc_7443pepyc_7742_firmwareepyc_7453_firmwareepyc_7282epyc_7702_firmwareepyc_7352_firmwareepyc_74f3epyc_7532epyc_73f3Athlon™ SeriesRyzen™ SeriesEPYC™ Processors
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-26336
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 32.62%
||
7 Day CHG-0.01%
Published-16 Nov, 2021 | 18:04
Updated-16 Sep, 2024 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7502_firmwareepyc_7402epyc_7262_firmwareepyc_7282_firmwareepyc_7f32epyc_7272_firmwareepyc_7713pryzen_3_3100_firmwareepyc_7443epyc_7513ryzen_threadripper_2950x_firmwareryzen_9_3900xepyc_7232p_firmwareryzen_9_5980hxepyc_7702ryzen_7_5800hsryzen_threadripper_pro_5955wx_firmwareryzen_5_5600xryzen_threadripper_pro_5995wxepyc_7453ryzen_5_5600hsryzen_7_5825uepyc_7513_firmwareryzen_7_5825u_firmwareryzen_5_5700geryzen_5_3600x_firmwareepyc_7542ryzen_5_3400gepyc_7413_firmwareryzen_threadripper_3960x_firmwareryzen_threadripper_3960xryzen_threadripper_2950xryzen_threadripper_pro_3975wxepyc_7002epyc_7643_firmwareryzen_5_5560uryzen_threadripper_1950x_firmwareepyc_7f52epyc_75f3ryzen_threadripper_pro_5945wxepyc_7f32_firmwareryzen_3_3100epyc_7502epyc_75f3_firmwareepyc_7662_firmwareepyc_7343_firmwareryzen_threadripper_1900x_firmwareryzen_9_5900hsepyc_7313pepyc_7002_firmwareryzen_9_5980hsryzen_threadripper_2920xryzen_3_5125c_firmwareryzen_7_5825c_firmwareryzen_7_5800h_firmwareryzen_threadripper_pro_5965wx_firmwareryzen_3_3300xryzen_5_5625c_firmwareepyc_7352ryzen_5_5625cepyc_7713_firmwareepyc_7742epyc_7272ryzen_3_5400uryzen_5_3450g_firmwareepyc_7713epyc_7003_firmwareepyc_7443p_firmwareryzen_threadripper_3990x_firmwareepyc_7003ryzen_9_5980hs_firmwareryzen_5_5600x_firmwareryzen_threadripper_3990xryzen_5_5600hs_firmwareryzen_5_3400g_firmwareryzen_5_5600h_firmwareryzen_threadripper_pro_5955wxryzen_3_5400u_firmwareepyc_7742_firmwareryzen_7_3800xryzen_5_3600_firmwareryzen_threadripper_2990wx_firmwareepyc_7443_firmwareryzen_5_5600hepyc_7402pepyc_7343ryzen_3_3300x_firmwareepyc_7252_firmwareepyc_7543_firmwareryzen_threadripper_1920x_firmwareepyc_7542_firmwareepyc_7763_firmwareryzen_threadripper_pro_5945wx_firmwareryzen_3_5425cryzen_3_3300g_firmwareryzen_3_5425u_firmwareepyc_7313p_firmwareryzen_5_3450gepyc_7252epyc_7502pryzen_threadripper_1900xryzen_5_5600uryzen_threadripper_pro_5975wxepyc_7302p_firmwareryzen_9_5900hx_firmwareepyc_7642_firmwareryzen_threadripper_2970wxepyc_7452epyc_7543p_firmwareryzen_5_5625uryzen_threadripper_2920x_firmwareepyc_7302ryzen_3_5125cryzen_7_3800x_firmwareepyc_7232pryzen_5_5700gryzen_threadripper_1950xryzen_9_5900hs_firmwareryzen_threadripper_pro_3945wx_firmwareepyc_7663ryzen_5_5600u_firmwareepyc_7552_firmwareryzen_5_3600xepyc_72f3_firmwareepyc_7662epyc_7642ryzen_threadripper_2970wx_firmwareryzen_threadripper_pro_5975wx_firmwareryzen_9_3950x_firmwareepyc_7532_firmwareryzen_threadripper_pro_3995wxepyc_7502p_firmwareepyc_7413ryzen_5_5700g_firmwareepyc_7313epyc_7663_firmwareryzen_threadripper_pro_3955wxryzen_7_5800u_firmwareryzen_9_3900x_firmwareepyc_7552epyc_7302pepyc_7702p_firmwareepyc_74f3_firmwareryzen_3_5425uryzen_5_5700ge_firmwareepyc_7763epyc_7302_firmwareryzen_threadripper_pro_3955wx_firmwareryzen_9_5980hx_firmwareepyc_7402_firmwareryzen_5_5560u_firmwareepyc_7713p_firmwareryzen_threadripper_1920xepyc_73f3_firmwareepyc_7702pryzen_threadripper_pro_3995wx_firmwareepyc_7f52_firmwareepyc_7262ryzen_7_5825cryzen_7_5800uryzen_threadripper_pro_5965wxryzen_9_5900hxepyc_72f3epyc_7643epyc_7402p_firmwareepyc_7452_firmwareryzen_threadripper_2990wxryzen_threadripper_3970xryzen_3_5425c_firmwareryzen_9_3950xryzen_3_3300gryzen_7_5800hepyc_7313_firmwareepyc_7543pepyc_7443pryzen_threadripper_3970x_firmwareryzen_5_3600ryzen_threadripper_pro_3945wxepyc_7453_firmwareryzen_7_5800hs_firmwareepyc_7282ryzen_threadripper_pro_3975wx_firmwareryzen_threadripper_pro_5995wx_firmwareepyc_7702_firmwareepyc_74f3epyc_7352_firmwareepyc_7532ryzen_5_5625u_firmwareepyc_73f3Athlon™ SeriesRyzen™ Series
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-26378
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 21.53%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 16:23
Updated-16 Sep, 2024 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_9_5900xepyc_7502_firmwareepyc_7402epyc_7262_firmwareepyc_7282_firmwareepyc_7f32epyc_7272_firmwareepyc_7713pepyc_7573xryzen_3_3100_firmwareepyc_7513ryzen_threadripper_2950x_firmwareryzen_9_5900x_firmwareryzen_5_2500uepyc_7232p_firmwareepyc_7702ryzen_threadripper_pro_5955wx_firmwareryzen_5_5600xryzen_threadripper_pro_5995wxepyc_7453ryzen_3_2300uepyc_7373xepyc_7513_firmwareepyc_7542epyc_7413_firmwareryzen_threadripper_3960x_firmwareryzen_7_5800x3d_firmwareryzen_threadripper_3960xryzen_threadripper_2950xryzen_threadripper_pro_3975wxepyc_7643_firmwareryzen_threadripper_1950x_firmwareepyc_7f52epyc_75f3ryzen_threadripper_pro_5945wxepyc_7373x_firmwareryzen_5_2500u_firmwareepyc_7f32_firmwareryzen_3_3100epyc_7502epyc_7662_firmwareepyc_7f72_firmwareepyc_75f3_firmwareepyc_7473x_firmwareepyc_7343_firmwareryzen_3_2200u_firmwareryzen_threadripper_1900x_firmwareryzen_3_2200uepyc_7313pryzen_7_5700gryzen_threadripper_2920xepyc_7573x_firmwareryzen_threadripper_pro_5965wx_firmwareryzen_3_3300xepyc_7352ryzen_5_2600hepyc_7713_firmwareepyc_7742ryzen_5_5500epyc_7272ryzen_7_2700uepyc_7713epyc_7443p_firmwareryzen_5_5600_firmwareryzen_7_5800xryzen_7_2800hepyc_7773xryzen_threadripper_3990x_firmwareryzen_5_5600x_firmwareryzen_7_5800x3dryzen_threadripper_3990xryzen_threadripper_pro_5955wxepyc_7742_firmwareryzen_9_5950xryzen_5_5500_firmwareryzen_threadripper_2990wx_firmwareryzen_3_3200u_firmwareryzen_3_3300x_firmwareepyc_7402pepyc_7343epyc_7252_firmwareryzen_threadripper_1920x_firmwareepyc_7542_firmwareepyc_7763_firmwareryzen_threadripper_pro_5945wx_firmwareryzen_5_5600gepyc_7313p_firmwareepyc_7252epyc_7502pryzen_threadripper_1900xryzen_threadripper_pro_5975wxepyc_7302p_firmwareryzen_3_2300u_firmwareryzen_9_5950x_firmwareepyc_7642_firmwareryzen_threadripper_2970wxepyc_7452ryzen_7_5800x_firmwareepyc_7543p_firmwareryzen_7_2700u_firmwareryzen_threadripper_2920x_firmwareepyc_7302ryzen_7_2800h_firmwareepyc_7232pryzen_threadripper_1950xryzen_threadripper_pro_3945wx_firmwareepyc_7663epyc_7552_firmwareepyc_7773x_firmwareepyc_72f3_firmwareepyc_7f72epyc_7662ryzen_7_5700g_firmwareepyc_7642epyc_7473xryzen_threadripper_2970wx_firmwareryzen_threadripper_pro_5975wx_firmwareepyc_7532_firmwareryzen_threadripper_pro_3995wxepyc_7502p_firmwareepyc_7413ryzen_7_5700x_firmwareepyc_7663_firmwareryzen_threadripper_pro_3955wxryzen_3_3200uepyc_7552epyc_7302pepyc_7702p_firmwareryzen_3_3300epyc_74f3_firmwareepyc_7302_firmwareepyc_7763ryzen_threadripper_pro_3955wx_firmwareepyc_7402_firmwareepyc_7713p_firmwareryzen_threadripper_1920xepyc_73f3_firmwareepyc_7702pryzen_threadripper_pro_3995wx_firmwareepyc_7f52_firmwareepyc_7262ryzen_5_2600h_firmwareryzen_threadripper_pro_5965wxryzen_3_3250uryzen_5_5600g_firmwareepyc_72f3epyc_7643epyc_7402p_firmwareepyc_7452_firmwareryzen_threadripper_2990wxryzen_5_5600ryzen_threadripper_3970xepyc_7543pepyc_7443pryzen_threadripper_3970x_firmwareryzen_threadripper_pro_3945wxryzen_3_3250u_firmwareepyc_7453_firmwareryzen_threadripper_pro_3975wx_firmwareepyc_7282ryzen_threadripper_pro_5995wx_firmwareepyc_7702_firmwareepyc_7352_firmwareepyc_74f3epyc_7532ryzen_7_5700xepyc_73f3Athlon™ SeriesRyzen™ SeriesEPYC™ Processors
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-26364
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 23.57%
||
7 Day CHG+0.02%
Published-11 May, 2022 | 16:25
Updated-16 Sep, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7502_firmwareepyc_7402epyc_7262_firmwareepyc_7402pepyc_7343epyc_7252_firmwareepyc_7282_firmwareepyc_7542_firmwareepyc_7f32epyc_7763_firmwareepyc_7272_firmwareepyc_7713pepyc_7573xepyc_7513epyc_7313p_firmwareepyc_7252epyc_7502pepyc_7232p_firmwareepyc_7702epyc_7302p_firmwareepyc_7453epyc_7642_firmwareepyc_7452epyc_7373xepyc_7513_firmwareepyc_7543p_firmwareepyc_7542epyc_7302epyc_7413_firmwareepyc_7232pepyc_7643_firmwareepyc_7f52epyc_7663epyc_7552_firmwareepyc_75f3epyc_7773x_firmwareepyc_7373x_firmwareepyc_72f3_firmwareepyc_7f72epyc_7f32_firmwareepyc_7662epyc_7502epyc_7662_firmwareepyc_7f72_firmwareepyc_75f3_firmwareepyc_7642epyc_7473xepyc_7473x_firmwareepyc_7343_firmwareepyc_7532_firmwareepyc_7502p_firmwareepyc_7413epyc_7313pepyc_7663_firmwareepyc_7573x_firmwareepyc_7552epyc_7302pepyc_7702p_firmwareepyc_74f3_firmwareepyc_7352epyc_7302_firmwareepyc_7763epyc_7713_firmwareepyc_7402_firmwareepyc_7742epyc_7713p_firmwareepyc_7272epyc_73f3_firmwareepyc_7702pepyc_7f52_firmwareepyc_7262epyc_7713epyc_7443p_firmwareepyc_7773xepyc_72f3epyc_7643epyc_7402p_firmwareepyc_7452_firmwareepyc_7543pepyc_7443pepyc_7742_firmwareepyc_7453_firmwareepyc_7282epyc_7702_firmwareepyc_7352_firmwareepyc_74f3epyc_7532epyc_73f3EPYC™ Processors
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-1473
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-92.77% / 99.75%
||
7 Day CHG~0.00%
Published-08 Apr, 2021 | 04:06
Updated-08 Nov, 2024 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Vulnerabilities

Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv340_firmwarerv340wrv345prv345rv345_firmwarerv345p_firmwarerv340rv340w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-1472
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-89.91% / 99.55%
||
7 Day CHG~0.00%
Published-08 Apr, 2021 | 04:06
Updated-08 Nov, 2024 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Vulnerabilities

Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv260_firmwarerv340_firmwarerv345prv345rv160w_firmwarerv160_firmwarerv260w_firmwarerv345p_firmwarerv340w_firmwarerv160wrv260rv260wrv340wrv260prv345_firmwarerv340rv260p_firmwarerv160Cisco Small Business RV Series Router Firmware
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-287
Improper Authentication
Details not found