ByteOS

Product

2nd Gen EPYC

Package Name

AGESA

Platforms

Default Status

unaffected

Versions

Affected

various

Vendor

Product

3rd Gen EPYC

Package Name

AGESA

Platforms

Default Status

unaffected

Versions

Affected

various

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032	vendor-advisory

Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032

Resource:

vendor-advisory

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032	vendor-advisory x_transferred

Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032

Resource:

vendor-advisory

x_transferred

2. CISA ADP Vulnrichment

Problem Types

Type	CWE ID	Description
CWE	CWE-119	CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Type: CWE

CWE ID: CWE-119

Description: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Metrics

Version	Base score	Base severity	Vector
3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:psirt@amd.com

Published At:11 Jan, 2023 | 08:15

Updated At:07 Apr, 2025 | 19:15

Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of service.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Type: Primary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Type: Secondary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CPE Matches

cpe:2.3:o:amd:epyc_7h12_firmware:*:*:*:*:*:*:*:*

>>epyc_7h12_firmware>>Versions before romepi_1.0.0.c(exclusive)

cpe:2.3:h:amd:epyc_7h12:-:*:*:*:*:*:*:*

>>epyc_7h12>>-

cpe:2.3:o:amd:epyc_7f72_firmware:*:*:*:*:*:*:*:*

>>epyc_7f72_firmware>>Versions before romepi_1.0.0.c(exclusive)

cpe:2.3:h:amd:epyc_7f72:-:*:*:*:*:*:*:*

>>epyc_7f72>>-

cpe:2.3:o:amd:epyc_7f52_firmware:*:*:*:*:*:*:*:*

>>epyc_7f52_firmware>>Versions before romepi_1.0.0.c(exclusive)

cpe:2.3:h:amd:epyc_7f52:-:*:*:*:*:*:*:*

>>epyc_7f52>>-

cpe:2.3:o:amd:epyc_7f32_firmware:*:*:*:*:*:*:*:*

>>epyc_7f32_firmware>>Versions before romepi_1.0.0.c(exclusive)

cpe:2.3:h:amd:epyc_7f32:-:*:*:*:*:*:*:*

>>epyc_7f32>>-

cpe:2.3:o:amd:epyc_7742_firmware:*:*:*:*:*:*:*:*

>>epyc_7742_firmware>>Versions before romepi_1.0.0.c(exclusive)

cpe:2.3:h:amd:epyc_7742:-:*:*:*:*:*:*:*

>>epyc_7742>>-

cpe:2.3:o:amd:epyc_7702p_firmware:*:*:*:*:*:*:*:*

>>epyc_7702p_firmware>>Versions before romepi_1.0.0.c(exclusive)

cpe:2.3:h:amd:epyc_7702p:-:*:*:*:*:*:*:*

>>epyc_7702p>>-

cpe:2.3:o:amd:epyc_7702_firmware:*:*:*:*:*:*:*:*

>>epyc_7702_firmware>>Versions before romepi_1.0.0.c(exclusive)

cpe:2.3:h:amd:epyc_7702:-:*:*:*:*:*:*:*

>>epyc_7702>>-

cpe:2.3:o:amd:epyc_7662_firmware:*:*:*:*:*:*:*:*

>>epyc_7662_firmware>>Versions before romepi_1.0.0.c(exclusive)

cpe:2.3:h:amd:epyc_7662:-:*:*:*:*:*:*:*

>>epyc_7662>>-

cpe:2.3:o:amd:epyc_7642_firmware:*:*:*:*:*:*:*:*

>>epyc_7642_firmware>>Versions before romepi_1.0.0.c(exclusive)

cpe:2.3:h:amd:epyc_7642:-:*:*:*:*:*:*:*

>>epyc_7642>>-

cpe:2.3:o:amd:epyc_7552_firmware:*:*:*:*:*:*:*:*

>>epyc_7552_firmware>>Versions before romepi_1.0.0.c(exclusive)

cpe:2.3:h:amd:epyc_7552:-:*:*:*:*:*:*:*

>>epyc_7552>>-

cpe:2.3:o:amd:epyc_7542_firmware:*:*:*:*:*:*:*:*

>>epyc_7542_firmware>>Versions before romepi_1.0.0.c(exclusive)

cpe:2.3:h:amd:epyc_7542:-:*:*:*:*:*:*:*

>>epyc_7542>>-

cpe:2.3:o:amd:epyc_7532_firmware:*:*:*:*:*:*:*:*

>>epyc_7532_firmware>>Versions before romepi_1.0.0.c(exclusive)

cpe:2.3:h:amd:epyc_7532:-:*:*:*:*:*:*:*

>>epyc_7532>>-

cpe:2.3:o:amd:epyc_7502p_firmware:*:*:*:*:*:*:*:*

>>epyc_7502p_firmware>>Versions before romepi_1.0.0.c(exclusive)

cpe:2.3:h:amd:epyc_7502p:-:*:*:*:*:*:*:*

>>epyc_7502p>>-

cpe:2.3:o:amd:epyc_7502_firmware:*:*:*:*:*:*:*:*

>>epyc_7502_firmware>>Versions before romepi_1.0.0.c(exclusive)

cpe:2.3:h:amd:epyc_7502:-:*:*:*:*:*:*:*

>>epyc_7502>>-

cpe:2.3:o:amd:epyc_7452_firmware:*:*:*:*:*:*:*:*

>>epyc_7452_firmware>>Versions before romepi_1.0.0.c(exclusive)

cpe:2.3:h:amd:epyc_7452:-:*:*:*:*:*:*:*

>>epyc_7452>>-

cpe:2.3:o:amd:epyc_7402_firmware:*:*:*:*:*:*:*:*

>>epyc_7402_firmware>>Versions before romepi_1.0.0.c(exclusive)

cpe:2.3:h:amd:epyc_7402:-:*:*:*:*:*:*:*

>>epyc_7402>>-

cpe:2.3:o:amd:epyc_7402p_firmware:*:*:*:*:*:*:*:*

>>epyc_7402p_firmware>>Versions before romepi_1.0.0.c(exclusive)

cpe:2.3:h:amd:epyc_7402p:-:*:*:*:*:*:*:*

>>epyc_7402p>>-

cpe:2.3:o:amd:epyc_7352_firmware:*:*:*:*:*:*:*:*

>>epyc_7352_firmware>>Versions before romepi_1.0.0.c(exclusive)

cpe:2.3:h:amd:epyc_7352:-:*:*:*:*:*:*:*

>>epyc_7352>>-

cpe:2.3:o:amd:epyc_7302p_firmware:*:*:*:*:*:*:*:*

>>epyc_7302p_firmware>>Versions before romepi_1.0.0.c(exclusive)

cpe:2.3:h:amd:epyc_7302p:-:*:*:*:*:*:*:*

>>epyc_7302p>>-

cpe:2.3:o:amd:epyc_7302_firmware:*:*:*:*:*:*:*:*

>>epyc_7302_firmware>>Versions before romepi_1.0.0.c(exclusive)

cpe:2.3:h:amd:epyc_7302:-:*:*:*:*:*:*:*

>>epyc_7302>>-

cpe:2.3:o:amd:epyc_7282_firmware:*:*:*:*:*:*:*:*

>>epyc_7282_firmware>>Versions before romepi_1.0.0.c(exclusive)

cpe:2.3:h:amd:epyc_7282:-:*:*:*:*:*:*:*

>>epyc_7282>>-

cpe:2.3:o:amd:epyc_7272_firmware:*:*:*:*:*:*:*:*

>>epyc_7272_firmware>>Versions before romepi_1.0.0.c(exclusive)

cpe:2.3:h:amd:epyc_7272:-:*:*:*:*:*:*:*

>>epyc_7272>>-

cpe:2.3:o:amd:epyc_7262_firmware:*:*:*:*:*:*:*:*

>>epyc_7262_firmware>>Versions before romepi_1.0.0.c(exclusive)

cpe:2.3:h:amd:epyc_7262:-:*:*:*:*:*:*:*

>>epyc_7262>>-

cpe:2.3:o:amd:epyc_7252_firmware:*:*:*:*:*:*:*:*

>>epyc_7252_firmware>>Versions before romepi_1.0.0.c(exclusive)

cpe:2.3:h:amd:epyc_7252:-:*:*:*:*:*:*:*

>>epyc_7252>>-

cpe:2.3:o:amd:epyc_7232p_firmware:*:*:*:*:*:*:*:*

>>epyc_7232p_firmware>>Versions before romepi_1.0.0.c(exclusive)

cpe:2.3:h:amd:epyc_7232p:-:*:*:*:*:*:*:*

>>epyc_7232p>>-

Weaknesses

CWE ID	Type	Source
CWE-119	Primary	nvd@nist.gov
CWE-119	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-119

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-119

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032	psirt@amd.com	Vendor Advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory

Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032

Source: psirt@amd.com

Resource:

Vendor Advisory

Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Vendor Advisory

Similar CVEs

181Records found

CVE-2023-20529

Matching Score-10

Matching Score-10

CVSS Score-7.5||HIGH

EPSS-0.18% / 40.42%

7 Day CHG~0.00%

Published-10 Jan, 2023 | 20:57

Updated-07 Apr, 2025 | 19:15

Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service.

Product-epyc_7702_firmware epyc_7343_firmware epyc_7453 epyc_7702p_firmware epyc_7413_firmware epyc_7f52 epyc_7302 epyc_7232p_firmware epyc_7302_firmware epyc_7443 epyc_7542 epyc_7763_firmware epyc_7513 epyc_7373x_firmware epyc_7352 epyc_7573x_firmware epyc_7f32 epyc_7302p_firmware epyc_7742 epyc_7252 epyc_7542_firmware epyc_7262 epyc_7773x_firmware epyc_72f3_firmware epyc_7443p_firmware epyc_7402 epyc_7702p epyc_7443p epyc_7h12_firmware epyc_75f3 epyc_7443_firmware epyc_7642_firmware epyc_7f32_firmware epyc_7552_firmware epyc_7313p epyc_7402p epyc_7543p epyc_7f72_firmware epyc_7642 epyc_7532 epyc_7502p_firmware epyc_7573x epyc_7272_firmware epyc_7663_firmware epyc_7763 epyc_7413 epyc_7643 epyc_7502 epyc_7h12 epyc_7f72 epyc_7743_firmware epyc_7643_firmware epyc_72f3 epyc_7262_firmware epyc_7352_firmware epyc_74f3_firmware epyc_7532_firmware epyc_7502_firmware epyc_7543_firmware epyc_7402p_firmware epyc_7373x epyc_7232p epyc_7282_firmware epyc_7743 epyc_7452 epyc_7452_firmware epyc_7302p epyc_73f3_firmware epyc_7702 epyc_7543p_firmware epyc_7663 epyc_7773x epyc_7543 epyc_7f52_firmware epyc_7313p_firmware epyc_7662_firmware epyc_7252_firmware epyc_7002_firmware epyc_7313 epyc_7003 epyc_7003_firmware epyc_7002 epyc_7313_firmware epyc_7402_firmware epyc_74f3 epyc_75f3_firmware epyc_7343 epyc_7272 epyc_7662 epyc_7713p_firmware epyc_7713p epyc_73f3 epyc_7713_firmware epyc_7453_firmware epyc_7552 epyc_7502p epyc_7713 epyc_7742_firmware epyc_7282 epyc_7513_firmware 3rd Gen EPYC 2nd Gen EPYC

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2023-20530

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-0.14% / 34.26%

7 Day CHG~0.00%

Published-10 Jan, 2023 | 20:57

Updated-07 Apr, 2025 | 19:15

Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service.

CWE ID-CWE-20

Improper Input Validation

CVE-2023-20522

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-0.14% / 34.26%

7 Day CHG~0.00%

Published-10 Jan, 2023 | 20:56

Updated-07 Apr, 2025 | 16:15

Insufficient input validation in ASP may allow an attacker with a malicious BIOS to potentially cause a denial of service.

Product-milanpi romepi milanpi_firmware romepi_firmware 3rd Gen EPYC 2nd Gen EPYC

CWE ID-CWE-20

Improper Input Validation

CVE-2023-20533

Matching Score-8

Matching Score-8

CVSS Score-6.1||MEDIUM

EPSS-0.03% / 7.50%

7 Day CHG~0.00%

Published-14 Nov, 2023 | 18:52

Updated-02 Aug, 2024 | 09:05

Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.

CVE-2021-26406

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-0.15% / 35.54%

7 Day CHG~0.00%

Published-09 May, 2023 | 18:59

Updated-28 Jan, 2025 | 16:15

Insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application can lead to a host crash potentially resulting in denial of service.

Product-epyc_7301_firmware epyc_7451_firmware epyc_7552_firmware epyc_7451 epyc_7282_firmware epyc_7742_firmware epyc_7371 epyc_7f72_firmware epyc_7532 epyc_7702p_firmware epyc_7551 epyc_7h12 epyc_7301 epyc_7401 epyc_7f52 epyc_7f32 epyc_7402p epyc_7552 epyc_7261_firmware epyc_7571_firmware epyc_7252 epyc_7402_firmware epyc_7351_firmware epyc_7642_firmware epyc_7262_firmware epyc_7351 epyc_7542 epyc_7642 epyc_7272_firmware epyc_7501 epyc_7302 epyc_7f32_firmware epyc_7401p_firmware epyc_7252_firmware epyc_7352 epyc_7401_firmware epyc_7662 epyc_7232p epyc_7532_firmware epyc_7351p_firmware epyc_7551p epyc_7501_firmware epyc_7302_firmware epyc_7702_firmware epyc_7742 epyc_7f52_firmware epyc_7502 epyc_7452 epyc_7601_firmware epyc_7302p epyc_7502_firmware epyc_7402p_firmware epyc_7251 epyc_7402 epyc_7551_firmware epyc_7232p_firmware epyc_7302p_firmware epyc_7261 epyc_7551p_firmware epyc_7352_firmware epyc_7281 epyc_7502p_firmware epyc_7371_firmware epyc_7281_firmware epyc_7571 epyc_7702 epyc_7702p epyc_7251_firmware epyc_7351p epyc_7502p epyc_7h12_firmware epyc_7452_firmware epyc_7401p epyc_7282 epyc_7272 epyc_7662_firmware epyc_7542_firmware epyc_7f72 epyc_7601 epyc_7262 Ryzen™ 3000 Series Desktop Processors “Matisse” AM4 Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”Ryzen™ 2000 Series Desktop Processors “Pinnacle Ridge”Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS Ryzen™ 2000 Series Mobile Processors “Raven Ridge” FP5 2nd Gen AMD Ryzen™ Threadripper™ Processors “Colfax”1st Gen AMD EPYC™ Processors 2nd Gen AMD EPYC™ Processors Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULP Ryzen™ 2000 series Desktop Processors “Raven Ridge” AM4 AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4 3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso”

CVE-2021-26338

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-0.31% / 53.95%

7 Day CHG~0.00%

Published-16 Nov, 2021 | 17:53

Updated-17 Sep, 2024 | 01:56

Improper access controls in System Management Unit (SMU) may allow for an attacker to override performance control tables located in DRAM resulting in a potential lack of system resources.

Product-epyc_7543 epyc_7502_firmware epyc_7402 epyc_7262_firmware epyc_7443_firmware epyc_7402p epyc_7343 epyc_7252_firmware epyc_7543_firmware epyc_7282_firmware epyc_7542_firmware epyc_7f32 epyc_7763_firmware epyc_7272_firmware epyc_7713p epyc_7443 epyc_7513 epyc_7313p_firmware epyc_7252 epyc_7502p epyc_7232p_firmware epyc_7702 epyc_7302p_firmware epyc_7453 epyc_7642_firmware epyc_7h12 epyc_7452 epyc_7513_firmware epyc_7543p_firmware epyc_7542 epyc_7302 epyc_7413_firmware epyc_7h12_firmware epyc_7232p epyc_7643_firmware epyc_7f52 epyc_7663 epyc_7552_firmware epyc_75f3 epyc_72f3_firmware epyc_7f72 epyc_7f32_firmware epyc_7662 epyc_7f72_firmware epyc_7662_firmware epyc_7502 epyc_75f3_firmware epyc_7642 epyc_7343_firmware epyc_7532_firmware epyc_7502p_firmware epyc_7413 epyc_7313p epyc_7313 epyc_7663_firmware epyc_7552 epyc_7302p epyc_7702p_firmware epyc_74f3_firmware epyc_7352 epyc_7302_firmware epyc_7763 epyc_7713_firmware epyc_7402_firmware epyc_7742 epyc_7713p_firmware epyc_7272 epyc_73f3_firmware epyc_7702p epyc_7f52_firmware epyc_7262 epyc_7713 epyc_7443p_firmware epyc_72f3 epyc_7643 epyc_7452_firmware epyc_7402p_firmware epyc_7543p epyc_7313_firmware epyc_7443p epyc_7742_firmware epyc_7453_firmware epyc_7282 epyc_7702_firmware epyc_7352_firmware epyc_74f3 epyc_7532 epyc_73f3 2nd Gen AMD EPYC™3rd Gen AMD EPYC™

CWE ID-CWE-284

Improper Access Control

CVE-2023-31320

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-6.64% / 90.82%

7 Day CHG~0.00%

Published-14 Nov, 2023 | 18:51

Updated-02 Aug, 2024 | 14:53

Improper input validation in the AMD RadeonTM Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of service.

Product-radeon_pro_w5500x radeon_rx_vega_64 radeon_pro_w7600 radeon_rx_6500m radeon_rx_6600 radeon_pro_vega_56_firmware ryzen_3_5300u radeon_rx_6900_xt radeon_rx_7900m ryzen_5_5600g radeon_rx_7900_xt radeon_rx_5300 ryzen_7_4700ge ryzen_7_4800h radeon_rx_vega_56 radeon_pro_w6400 radeon_rx_5500 ryzen_5_5500h radeon_rx_7900_gre radeon_pro_w5700 ryzen_9_4900h ryzen_3_5300ge ryzen_5_5600ge radeon_rx_6550m ryzen_7_4800hs radeon_rx_5300_xt ryzen_3_3015ce ryzen_5_pro_3400g radeon_rx_7800_xt radeon_rx_6700s ryzen_7_4700g ryzen_7_5700ge ryzen_3_3015e ryzen_3_4300g radeon_rx_6600_xt radeon_rx_6850m_xt radeon_rx_6650_xt radeon_pro_vega_56 ryzen_5_pro_3350ge radeon_rx_5700m radeon_pro_w6600m radeon_pro_w6600x radeon_pro_w6600 radeon_rx_5700 radeon_rx_5700_xt radeon_rx_6800_xt radeon_pro_w7500 radeon_rx_7600m radeon_rx_5500m radeon_pro_w6900x radeon_rx_5300m radeon_rx_6500_xt radeon_pro_w6800 radeon_pro_vega_64 radeon_rx_6600m radeon_rx_6550s ryzen_3_4100 ryzen_9_4900hs radeon_pro_w5700x radeon_rx_6950_xt ryzen_7_5700g ryzen_5_4600hs radeon_rx_5500_xt ryzen_5_pro_3200g radeon_pro_w7800 radeon_rx_7700s ryzen_5_pro_3200ge ryzen_5_4600g radeon_rx_6300m radeon_rx_7600 radeon_rx_6450m radeon_rx_5600m radeon_rx_6800m radeon_software ryzen_5_4600ge radeon_rx_vega_56_firmware radeon_rx_vega_64_firmware ryzen_5_4500u radeon_rx_6700 radeon_pro_w6800x_duo radeon_pro_w6300 radeon_rx_6400 ryzen_3_4300u radeon_rx_6650m radeon_rx_6650m_xt radeon_rx_6800 radeon_rx_6700_xt radeon_rx_6700m ryzen_7_4980u ryzen_5_pro_3350g ryzen_3_5300g ryzen_5_pro_3400ge radeon_pro_w5500 radeon_rx_5600 radeon_pro_w6800x radeon_rx_5600_xt ryzen_3_4300ge ryzen_5_4680u ryzen_5_5500u radeon_pro_w6500m radeon_rx_7600s radeon_rx_7600m_xt radeon_pro_vega_64_firmware ryzen_7_4700u radeon_rx_6600s radeon_rx_7700_xt ryzen_5_4600u radeon_rx_7900_xtx radeon_rx_6800s radeon_pro_w6300m ryzen_7_5700u ryzen_5_4600h ryzen_5_4500 Radeon™ PRO W5000/W6000/W7000 Series Graphics Cards Radeon™ RX Vega Series Graphics Cards Radeon™ RX 5000/6000/7000 Series Graphics Cards Radeon™ PRO WX Vega Series Graphics Cards

CWE ID-CWE-20

Improper Input Validation

CVE-2022-23831

Matching Score-8

Matching Score-8

Vendor-FreeBSD Foundation Linux Kernel Organization, Inc Microsoft Corporation Advanced Micro Devices, Inc.

CVSS Score-7.5||HIGH

EPSS-0.20% / 42.52%

7 Day CHG~0.00%

Published-09 Nov, 2022 | 20:45

Updated-01 May, 2025 | 15:15

Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service.

Product-amd_uprof windows freebsd linux_kernel AMD μProf

CWE ID-CWE-20

Improper Input Validation

CVE-2022-27674

Matching Score-8

Matching Score-8

Vendor-FreeBSD Foundation Linux Kernel Organization, Inc Microsoft Corporation Advanced Micro Devices, Inc.

CVSS Score-7.5||HIGH

EPSS-0.08% / 25.31%

7 Day CHG~0.00%

Published-09 Nov, 2022 | 20:45

Updated-01 May, 2025 | 15:15

Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service.

Product-amd_uprof windows freebsd linux_kernel AMD μProf

CWE ID-CWE-20

Improper Input Validation

CVE-2021-46755

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-0.16% / 37.14%

7 Day CHG~0.00%

Published-09 May, 2023 | 19:00

Updated-28 Jan, 2025 | 16:15

Failure to unmap certain SysHub mappings in error paths of the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a potential denial of service.

Product-ryzen_3600x_firmware ryzen_3300x ryzen_3800x ryzen_3800xt_firmware ryzen_5800x ryzen_5800x3d_firmware ryzen_3300x_firmware ryzen_3600 ryzen_3800xt ryzen_5500 ryzen_3900x ryzen_5600 ryzen_3500 ryzen_3950x ryzen_5800x_firmware ryzen_5950x_firmware ryzen_5700g_firmware ryzen_5500_firmware ryzen_3600xt ryzen_3600x ryzen_5600g ryzen_3800x_firmware ryzen_5950x ryzen_3600xt_firmware ryzen_5700x ryzen_5600x ryzen_5600_firmware ryzen_5600g_firmware ryzen_5700g ryzen_3900_firmware ryzen_3900xt_firmware ryzen_3600_firmware ryzen_5900x ryzen_3950x_firmware ryzen_5600x_firmware ryzen_3900xt ryzen_3100 ryzen_3500x ryzen_3100_firmware ryzen_3500_firmware ryzen_3500x_firmware ryzen_5900x_firmware ryzen_5700x_firmware ryzen_5800x3d ryzen_3900x_firmware ryzen_3900 Ryzen™ 3000 Series Desktop Processors “Matisse” AM4 Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics “Cezanne” AM4 Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir” Ryzen™ Threadripper™ PRO Processors “Chagall” WS AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4 Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics “Cezanne”

CVE-2021-46765

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-0.11% / 30.83%

7 Day CHG~0.00%

Published-09 May, 2023 | 19:01

Updated-27 Jan, 2025 | 18:15

Insufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-bounds memory reads within the ASP, potentially leading to a denial of service.

Product-ryzen_6980hx ryzen_5500_firmware ryzen_3800x ryzen_3900x ryzen_3900 ryzen_5600g ryzen_3500x_firmware ryzen_5600 ryzen_5700x ryzen_5800x3d_firmware ryzen_3500_firmware ryzen_3900_firmware ryzen_6980hs ryzen_5975wx_firmware ryzen_5965wx ryzen_5900x_firmware ryzen_6800u_firmware ryzen_5900x ryzen_3500x ryzen_5800 ryzen_3600 ryzen_6800hs ryzen_3900xt_firmware ryzen_6600u ryzen_5800x_firmware ryzen_3500 ryzen_5500 ryzen_5600ge ryzen_6800hs_firmware ryzen_5955wx ryzen_5900 ryzen_6800u ryzen_6900hx ryzen_5800_firmware ryzen_3600x ryzen_5950x ryzen_5600g_firmware ryzen_6900hs ryzen_3300x ryzen_3950x_firmware ryzen_3800x_firmware ryzen_5955wx_firmware ryzen_3900xt ryzen_6800h_firmware ryzen_5600ge_firmware ryzen_5945wx_firmware ryzen_5700ge ryzen_3600xt ryzen_5800x ryzen_3600x_firmware ryzen_5995wx_firmware ryzen_3900x_firmware ryzen_6900hs_firmware ryzen_5700g ryzen_6900hx_firmware ryzen_6600h ryzen_5600x ryzen_5700ge_firmware ryzen_5300g_firmware ryzen_5700x_firmware ryzen_5965wx_firmware ryzen_5300ge_firmware ryzen_5600_firmware ryzen_3950x ryzen_5300ge ryzen_5600x_firmware ryzen_6980hx_firmware ryzen_3800xt ryzen_6980hs_firmware ryzen_5950x_firmware ryzen_3800xt_firmware ryzen_6600hs_firmware ryzen_6600u_firmware ryzen_5995wx ryzen_3100_firmware ryzen_3300x_firmware ryzen_6800h ryzen_3600xt_firmware ryzen_5300g ryzen_5700g_firmware ryzen_5945wx ryzen_3600_firmware ryzen_3100 ryzen_5800x3d ryzen_6600h_firmware ryzen_5975wx ryzen_5900_firmware ryzen_6600hs Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir” Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics “Cezanne” AM4 Ryzen™ 6000 Series Mobile Processors "Rembrandt"Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics “Cezanne”Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”

CWE ID-CWE-125

Out-of-bounds Read

CVE-2021-46749

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-0.16% / 36.97%

7 Day CHG~0.00%

Published-09 May, 2023 | 18:59

Updated-28 Jan, 2025 | 16:15

Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service.

Product-ryzen_2600x athlon_gold_3150ge ryzen_3600x_firmware ryzen_3800x ryzen_1200_\(af\)_firmware ryzen_3300x ryzen_5300ge ryzen_3600 ryzen_5995wx ryzen_2920x_firmware ryzen_5600 ryzen_5955wx ryzen_5800x_firmware ryzen_2700e ryzen_2600_firmware ryzen_5500_firmware ryzen_5900 ryzen_3600x ryzen_2920x ryzen_pro_2100ge_firmware ryzen_2970wx_firmware ryzen_3800x_firmware ryzen_3600xt_firmware ryzen_5700x ryzen_5600x ryzen_2300x_firmware ryzen_5300g_firmware ryzen_5700ge ryzen_2600e_firmware ryzen_2950x ryzen_3900xt_firmware ryzen_2600 ryzen_3600_firmware ryzen_2500x ryzen_5600x_firmware ryzen_3900xt ryzen_5945wx_firmware ryzen_2990wx_firmware athlon_gold_3150g_firmware ryzen_5800_firmware ryzen_2990wx ryzen_3100_firmware ryzen_3500_firmware ryzen_2500x_firmware ryzen_5300g ryzen_2200ge ryzen_2200ge_firmware ryzen_3900 ryzen_5975wx ryzen_2200g ryzen_2950x_firmware ryzen_2600e ryzen_2700_firmware ryzen_5800 ryzen_3800xt_firmware ryzen_5800x ryzen_5800x3d_firmware ryzen_3300x_firmware athlon_silver_3050ge ryzen_2970wx athlon_silver_3050ge_firmware ryzen_3800xt ryzen_5500 ryzen_2700x_firmware ryzen_3900x ryzen_2600x_firmware ryzen_5955wx_firmware ryzen_3500 ryzen_5300ge_firmware ryzen_2400ge_firmware ryzen_3950x ryzen_5995wx_firmware ryzen_5950x_firmware athlon_gold_3150g ryzen_1200_\(af\)ryzen_5700g_firmware ryzen_5900_firmware ryzen_3600xt ryzen_5600ge_firmware ryzen_5600g ryzen_5950x ryzen_2400g ryzen_pro_2100ge ryzen_5600_firmware ryzen_2700x ryzen_5965wx_firmware ryzen_5600g_firmware ryzen_2400ge ryzen_5945wx ryzen_5965wx ryzen_5700g ryzen_5600ge ryzen_3900_firmware ryzen_2700 ryzen_2200g_firmware ryzen_5900x ryzen_3950x_firmware ryzen_5700ge_firmware ryzen_3100 ryzen_1600_\(af\)ryzen_2300x ryzen_1600_\(af\)_firmware ryzen_3500x ryzen_3500x_firmware ryzen_2400g_firmware ryzen_5900x_firmware ryzen_5700x_firmware ryzen_5975wx_firmware ryzen_5800x3d ryzen_3900x_firmware ryzen_2700e_firmware athlon_gold_3150ge_firmware Ryzen™ 3000 Series Desktop Processors “Matisse” AM4 Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”Ryzen™ 2000 Series Desktop Processors “Pinnacle Ridge”Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS Ryzen™ 2000 Series Mobile Processors “Raven Ridge” FP5 Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics “Cezanne” AM4 Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULP Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir” Ryzen™ Threadripper™ PRO Processors “Chagall” WS Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics “Cezanne”AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4 Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso”

CWE ID-CWE-125

Out-of-bounds Read

CVE-2021-46794

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-0.16% / 36.97%

7 Day CHG~0.00%

Published-09 May, 2023 | 19:01

Updated-28 Jan, 2025 | 16:15

Product-ryzen_2600x athlon_gold_3150ge ryzen_3600x_firmware ryzen_3800x ryzen_1200_\(af\)_firmware ryzen_3300x ryzen_5300ge ryzen_3600 ryzen_5995wx ryzen_2920x_firmware ryzen_5600 ryzen_5955wx ryzen_5800x_firmware ryzen_2700e ryzen_2600_firmware ryzen_5500_firmware ryzen_5900 ryzen_3600x ryzen_2920x ryzen_pro_2100ge_firmware ryzen_2970wx_firmware ryzen_3800x_firmware ryzen_3600xt_firmware ryzen_5700x ryzen_5600x ryzen_2300x_firmware ryzen_5300g_firmware ryzen_5700ge ryzen_2600e_firmware ryzen_2950x ryzen_3900xt_firmware ryzen_2600 ryzen_3600_firmware ryzen_2500x ryzen_5600x_firmware ryzen_3900xt ryzen_5945wx_firmware ryzen_2990wx_firmware athlon_gold_3150g_firmware ryzen_5800_firmware ryzen_2990wx ryzen_3100_firmware ryzen_3500_firmware ryzen_2500x_firmware ryzen_5300g ryzen_2200ge ryzen_2200ge_firmware ryzen_3900 ryzen_5975wx ryzen_2200g ryzen_2950x_firmware ryzen_2600e ryzen_2700_firmware ryzen_5800 ryzen_3800xt_firmware ryzen_5800x ryzen_5800x3d_firmware ryzen_3300x_firmware athlon_silver_3050ge ryzen_2970wx athlon_silver_3050ge_firmware ryzen_3800xt ryzen_5500 ryzen_2700x_firmware ryzen_3900x ryzen_2600x_firmware ryzen_5955wx_firmware ryzen_3500 ryzen_5300ge_firmware ryzen_2400ge_firmware ryzen_3950x ryzen_5995wx_firmware ryzen_5950x_firmware athlon_gold_3150g ryzen_1200_\(af\)ryzen_5700g_firmware ryzen_5900_firmware ryzen_3600xt ryzen_5600ge_firmware ryzen_5600g ryzen_5950x ryzen_2400g ryzen_pro_2100ge ryzen_5600_firmware ryzen_2700x ryzen_5965wx_firmware ryzen_5600g_firmware ryzen_2400ge ryzen_5945wx ryzen_5965wx ryzen_5700g ryzen_5600ge ryzen_3900_firmware ryzen_2700 ryzen_2200g_firmware ryzen_5900x ryzen_3950x_firmware ryzen_5700ge_firmware ryzen_3100 ryzen_1600_\(af\)ryzen_2300x ryzen_1600_\(af\)_firmware ryzen_3500x ryzen_3500x_firmware ryzen_2400g_firmware ryzen_5900x_firmware ryzen_5700x_firmware ryzen_5975wx_firmware ryzen_5800x3d ryzen_3900x_firmware ryzen_2700e_firmware athlon_gold_3150ge_firmware Ryzen™ 3000 Series Desktop Processors “Matisse” AM4 Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS Ryzen™ 2000 Series Mobile Processors “Raven Ridge” FP5 Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics “Cezanne” AM4 Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULP Ryzen™ 2000 series Desktop Processors “Raven Ridge” AM4 Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir” Ryzen™ Threadripper™ PRO Processors “Chagall” WS Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics “Cezanne”AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4 Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso”

CWE ID-CWE-125

Out-of-bounds Read

CVE-2021-46764

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-0.11% / 30.83%

7 Day CHG~0.00%

Published-09 May, 2023 | 18:36

Updated-28 Jan, 2025 | 16:15

Improper validation of DRAM addresses in SMU may allow an attacker to overwrite sensitive memory locations within the ASP potentially resulting in a denial of service.

Product-epyc_72f3_firmware epyc_7443p epyc_7552_firmware epyc_7282_firmware epyc_7742_firmware epyc_7773x epyc_7f72_firmware epyc_7413 epyc_7532 epyc_7313p_firmware epyc_7702p_firmware epyc_7663 epyc_7h12 epyc_7453 epyc_73f3_firmware epyc_7f52 epyc_7543_firmware epyc_7f32 epyc_7402p epyc_7552 epyc_73f3 epyc_74f3_firmware epyc_7252 epyc_7402_firmware epyc_7642_firmware epyc_75f3_firmware epyc_7262_firmware epyc_7343 epyc_7542 epyc_7642 epyc_7443_firmware epyc_7272_firmware epyc_7302 epyc_7f32_firmware epyc_7763_firmware epyc_7573x_firmware epyc_7252_firmware epyc_7473x_firmware epyc_7352 epyc_7643_firmware epyc_7662 epyc_7473x epyc_7232p epyc_7532_firmware epyc_7453_firmware epyc_7713p_firmware epyc_7302_firmware epyc_7702_firmware epyc_7742 epyc_72f3 epyc_7f52_firmware epyc_7543p epyc_7502 epyc_7452 epyc_7513 epyc_7302p epyc_7763 epyc_7413_firmware epyc_74f3 epyc_7502_firmware epyc_7402p_firmware epyc_7713p epyc_7402 epyc_7643 epyc_7313 epyc_7232p_firmware epyc_7443 epyc_7302p_firmware epyc_7663_firmware epyc_7352_firmware epyc_7543 epyc_7502p_firmware epyc_7713_firmware epyc_7713 epyc_7702 epyc_7702p epyc_75f3 epyc_7313p epyc_7773x_firmware epyc_7313_firmware epyc_7573x epyc_7502p epyc_7h12_firmware epyc_7452_firmware epyc_7543p_firmware epyc_7282 epyc_7272 epyc_7513_firmware epyc_7373x epyc_7662_firmware epyc_7542_firmware epyc_7f72 epyc_7343_firmware epyc_7443p_firmware epyc_7373x_firmware epyc_7262 3rd Gen AMD EPYC™ 2nd Gen AMD EPYC™

CWE ID-CWE-787

Out-of-bounds Write

CVE-2021-46774

Matching Score-8

Matching Score-8

CVSS Score-6.7||MEDIUM

EPSS-0.02% / 4.06%

7 Day CHG~0.00%

Published-14 Nov, 2023 | 18:52

Updated-11 Oct, 2024 | 18:07

Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.

CVE-2020-12988

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-0.30% / 52.47%

7 Day CHG~0.00%

Published-11 Jun, 2021 | 21:50

Updated-16 Sep, 2024 | 16:33

A potential denial of service (DoS) vulnerability exists in the integrated chipset that may allow a malicious attacker to hang the system when it is rebooted.

Product-epyc_7543 epyc_7502_firmware epyc_7402 epyc_7262_firmware epyc_7371_firmware epyc_7443_firmware epyc_7402p epyc_7261 epyc_7451 epyc_7282_firmware epyc_7343 epyc_7252_firmware epyc_7543_firmware epyc_7f32 epyc_7542_firmware epyc_7551_firmware epyc_7763_firmware epyc_7272_firmware epyc_7713p epyc_7443 epyc_7513 epyc_7313p_firmware epyc_7252 epyc_7502p epyc_7232p_firmware epyc_7702 epyc_7302p_firmware epyc_7351p_firmware epyc_7453 epyc_7642_firmware epyc_7452 epyc_7h12 epyc_7513_firmware epyc_7543p_firmware epyc_7542 epyc_7401p epyc_7281_firmware epyc_7413_firmware epyc_7h12_firmware epyc_7302 epyc_7601 epyc_7232p epyc_7002 epyc_7643_firmware epyc_7f52 epyc_7663 epyc_7552_firmware epyc_75f3 epyc_72f3_firmware epyc_7371 epyc_7001 epyc_7f72 epyc_7f32_firmware epyc_7662 epyc_7502 epyc_7001_firmware epyc_75f3_firmware epyc_7662_firmware epyc_7f72_firmware epyc_7642 epyc_7451_firmware epyc_7343_firmware epyc_7532_firmware epyc_7281 epyc_7551 epyc_7502p_firmware epyc_7413 epyc_7301 epyc_7551p epyc_7313p epyc_7401p_firmware epyc_7002_firmware epyc_7313 epyc_7351p epyc_7551p_firmware epyc_7663_firmware epyc_7601_firmware epyc_7351_firmware epyc_7251 epyc_7532 epyc_7552 epyc_7302p epyc_7702p_firmware epyc_74f3_firmware epyc_7352 epyc_7302_firmware epyc_7763 epyc_7401 epyc_7713_firmware epyc_7402_firmware epyc_7742 epyc_7713p_firmware epyc_7272 epyc_73f3_firmware epyc_7702p epyc_7f52_firmware epyc_7262 epyc_7713 epyc_7003_firmware epyc_7443p_firmware epyc_7003 epyc_7251_firmware epyc_7401_firmware epyc_72f3 epyc_7643 epyc_7402p_firmware epyc_7452_firmware epyc_7351 epyc_7261_firmware epyc_7313_firmware epyc_7543p epyc_7443p epyc_7742_firmware epyc_7453_firmware epyc_7282 epyc_7501 epyc_7501_firmware epyc_7702_firmware epyc_7352_firmware epyc_74f3 epyc_7301_firmware epyc_73f3 1st/2nd/3rd Gen AMD EPYC™ Processors

CVE-2024-21980

Matching Score-6

Matching Score-6

CVSS Score-7.9||HIGH

EPSS-0.93% / 75.19%

7 Day CHG~0.00%

Published-05 Aug, 2024 | 16:06

Updated-26 Nov, 2024 | 19:13

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-787

Out-of-bounds Write

CVE-2021-26369

Matching Score-6

Matching Score-6

CVSS Score-7.8||HIGH

EPSS-0.14% / 34.30%

7 Day CHG-0.01%

Published-12 May, 2022 | 17:07

Updated-16 Sep, 2024 | 19:51

A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses.

Product-athlon_3150ge ryzen_3_3300x_firmware ryzen_5_5600h athlon_3150g_firmware ryzen_3_3100_firmware ryzen_threadripper_2950x_firmware ryzen_3_5425c ryzen_9_3900x ryzen_3_3300g_firmware ryzen_3_5425u_firmware ryzen_5_3450g athlon_3050ge ryzen_5_5600u ryzen_5_2500u ryzen_9_5980hx ryzen_3_2300u_firmware ryzen_7_5800hs ryzen_5_5600x ryzen_9_5900hx_firmware ryzen_5_5600hs ryzen_threadripper_2970wx ryzen_3_2300u ryzen_7_5825u ryzen_5_2600x ryzen_7_5825u_firmware ryzen_7_2700u_firmware ryzen_5_5700ge ryzen_5_3600x_firmware ryzen_5_5625u ryzen_threadripper_2920x_firmware ryzen_5_3400g ryzen_3_5125c ryzen_7_3800x_firmware ryzen_7_2800h_firmware ryzen_threadripper_2950x ryzen_5_5700g ryzen_9_5900hs_firmware ryzen_5_5600u_firmware ryzen_5_3600x ryzen_5_2500u_firmware ryzen_3_3100 ryzen_threadripper_2970wx_firmware ryzen_9_3950x_firmware ryzen_3_2200u_firmware ryzen_9_5900hs ryzen_3_2200u ryzen_7_2700x ryzen_5_5700g_firmware ryzen_9_5980hs ryzen_threadripper_2920x ryzen_3_5125c_firmware ryzen_7_5800u_firmware ryzen_9_3900x_firmware ryzen_7_5825c_firmware ryzen_5_2600 ryzen_7_2700 ryzen_7_2700x_firmware ryzen_7_5800h_firmware ryzen_3_3300x ryzen_7_3700x ryzen_5_5625c_firmware ryzen_3_5425u ryzen_5_2600h ryzen_5_5625c ryzen_5_5700ge_firmware ryzen_9_5980hx_firmware ryzen_7_2700u ryzen_3_5400u ryzen_5_3450g_firmware radeon_software ryzen_7_5825c ryzen_5_2600h_firmware ryzen_7_5800u ryzen_7_2800h athlon_3150g ryzen_9_5900hx ryzen_5_2600x_firmware ryzen_5_5600x_firmware ryzen_7_3700x_firmware ryzen_9_5980hs_firmware ryzen_9_3950x ryzen_threadripper_2990wx ryzen_5_5600hs_firmware ryzen_5_3400g_firmware ryzen_7_2700_firmware ryzen_3_5425c_firmware athlon_3150ge_firmware ryzen_5_5600h_firmware ryzen_3_3300g ryzen_7_5800h ryzen_3_5400u_firmware ryzen_5_2600_firmware ryzen_5_3600 ryzen_7_5800hs_firmware ryzen_7_3800x ryzen_5_5625u_firmware athlon_3050ge_firmware ryzen_5_3600_firmware ryzen_threadripper_2990wx_firmware Athlon™ Series Ryzen™ Series

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2021-26336

Matching Score-6

Matching Score-6

CVSS Score-5.5||MEDIUM

EPSS-0.13% / 32.62%

7 Day CHG-0.01%

Published-16 Nov, 2021 | 18:04

Updated-16 Sep, 2024 | 17:33

Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2021-26372

Matching Score-6

Matching Score-6

CVSS Score-5.5||MEDIUM

EPSS-0.07% / 21.50%

7 Day CHG~0.00%

Published-11 May, 2022 | 16:18

Updated-16 Sep, 2024 | 19:15

Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.

Product-epyc_7502_firmware epyc_7402 epyc_7262_firmware epyc_7402p epyc_7343 epyc_7252_firmware epyc_7282_firmware epyc_7542_firmware epyc_7f32 epyc_7763_firmware epyc_7272_firmware epyc_7713p epyc_7573x epyc_7513 epyc_7313p_firmware epyc_7252 epyc_7502p epyc_7232p_firmware epyc_7702 epyc_7302p_firmware epyc_7453 epyc_7642_firmware epyc_7452 epyc_7373x epyc_7513_firmware epyc_7543p_firmware epyc_7542 epyc_7302 epyc_7413_firmware epyc_7232p epyc_7643_firmware epyc_7f52 epyc_7663 epyc_7552_firmware epyc_75f3 epyc_7773x_firmware epyc_7373x_firmware epyc_72f3_firmware epyc_7f72 epyc_7f32_firmware epyc_7662 epyc_7502 epyc_7662_firmware epyc_7f72_firmware epyc_75f3_firmware epyc_7642 epyc_7473x epyc_7473x_firmware epyc_7343_firmware epyc_7532_firmware epyc_7502p_firmware epyc_7413 epyc_7313p epyc_7663_firmware epyc_7573x_firmware epyc_7552 epyc_7302p epyc_7702p_firmware epyc_74f3_firmware epyc_7352 epyc_7302_firmware epyc_7763 epyc_7713_firmware epyc_7402_firmware epyc_7742 epyc_7713p_firmware epyc_7272 epyc_73f3_firmware epyc_7702p epyc_7f52_firmware epyc_7262 epyc_7713 epyc_7443p_firmware epyc_7773x epyc_72f3 epyc_7643 epyc_7402p_firmware epyc_7452_firmware epyc_7543p epyc_7443p epyc_7742_firmware epyc_7453_firmware epyc_7282 epyc_7702_firmware epyc_7352_firmware epyc_74f3 epyc_7532 epyc_73f3 Athlon™ Series Ryzen™ Series EPYC™ Processors

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2023-31352

Matching Score-6

Matching Score-6

CVSS Score-6||MEDIUM

EPSS-0.02% / 3.81%

7 Day CHG~0.00%

Published-11 Feb, 2025 | 22:44

Updated-12 Feb, 2025 | 15:34

A bug in the SEV firmware may allow an attacker with privileges to read unencrypted memory, potentially resulting in loss of guest private data.

Product-AMD EPYC™ Embedded 9004 AMD EPYC™ 9004 Processors

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2021-46757

Matching Score-6

Matching Score-6

CVSS Score-7.8||HIGH

EPSS-0.10% / 28.15%

7 Day CHG~0.00%

Published-13 Feb, 2024 | 19:23

Updated-07 May, 2025 | 22:15

Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading to privilege escalation.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2021-46748

Matching Score-6

Matching Score-6

Product-radeon_rx_7700s ryzen_5_pro_3200ge radeon_pro_w6900x ryzen_3_5300u radeon_rx_5700m radeon_rx_vega_m_firmware radeon_pro_w6500m radeon_rx_7900_gre radeon_rx_vega_56 core_i5-8305g radeon_pro_vega_56_firmware ryzen_5_4600hs radeon_rx_5600 ryzen_7_4980u radeon_rx_5300m radeon_rx_7900m ryzen_3_3015ce radeon_rx_7900_xt radeon_rx_5500_xt radeon_rx_6600s radeon_rx_6650m nuc_8_enthusiast_nuc8i7hvkvaw radeon_rx_6650_xt radeon_pro_w6800x radeon_rx_6700_xt ryzen_5_pro_3400g radeon_rx_7600m_xt ryzen_5_pro_3350ge ryzen_5_5600g ryzen_5_pro_3400ge radeon_pro_w6600 radeon_pro_vega_64 radeon_rx_6700m ryzen_5_4680u ryzen_5_5500u nuc_8_enthusiast_nuc8i7hvkva radeon_pro_w7600 radeon_rx_6650m_xt radeon_rx_6700 radeon_rx_7700_xt radeon_rx_7600s radeon_rx_6550m radeon_rx_5600_xt radeon_rx_6850m_xt radeon_rx_6550s radeon_pro_w5700 radeon_rx_6800 ryzen_7_4800h ryzen_3_3015e radeon_software radeon_rx_6600m radeon_rx_5500m radeon_rx_7900_xtx ryzen_7_5700g nuc_8_enthusiast_nuc8i7hnkqc radeon_rx_6900_xt radeon_rx_5600m radeon_rx_6950_xt ryzen_3_4300ge ryzen_5_pro_3200g radeon_rx_vega_64_firmware ryzen_7_4700g ryzen_3_4300g ryzen_9_4900hs radeon_rx_5700_xt radeon_rx_6500m core_i7-8706g radeon_rx_6800_xt radeon_pro_w6400 radeon_rx_6500_xt radeon_rx_5700 radeon_rx_6450m radeon_rx_7800_xt ryzen_5_4500u radeon_rx_5300 radeon_pro_w5500x radeon_pro_w6300m ryzen_5_4600u radeon_pro_w6800x_duo radeon_pro_vega_64_firmware radeon_rx_5500 ryzen_7_4700ge ryzen_9_4900h radeon_rx_6400 radeon_rx_6600_xt radeon_pro_vega_56 ryzen_7_5700u radeon_rx_6800m radeon_rx_6300m ryzen_5_4600ge radeon_rx_7600 radeon_pro_w6300 radeon_pro_w6600x ryzen_5_5500h radeon_pro_w7500 radeon_rx_vega_56_firmware radeon_rx_7600m core_i7-8709g ryzen_7_4700u radeon_pro_w6600m ryzen_5_5600ge core_i7-8705g ryzen_3_4300u radeon_pro_w5500 ryzen_3_5300ge ryzen_5_4500 ryzen_3_4100 ryzen_7_4800hs radeon_pro_w5700x radeon_pro_w6800 ryzen_7_5700ge radeon_rx_6600 radeon_rx_vega_64 ryzen_3_5300g ryzen_5_4600g nuc_kit_nuc8i7hnk nuc_kit_nuc8i7hvk ryzen_5_pro_3350g ryzen_5_4600h radeon_pro_w7800 radeon_rx_6700s radeon_rx_5300_xt radeon_rx_6800s Radeon™ RX Vega Series Graphics Cards Radeon™ PRO WX Vega Series Graphics Cards Radeon™ RX 5000/6000/7000 Series Graphics Cards Radeon™ PRO W5000/W6000/W7000 Series Graphics Cards

CVSS Score-5.5||MEDIUM

EPSS-0.10% / 28.77%

7 Day CHG~0.00%

Published-14 Nov, 2023 | 18:50

Updated-13 Feb, 2025 | 17:15

Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service.

Vendor-Intel Corporation Advanced Micro Devices, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2022-23813

Matching Score-6

Matching Score-6

CVSS Score-5.3||MEDIUM

EPSS-0.15% / 35.79%

7 Day CHG~0.00%

Published-10 Jan, 2023 | 20:56

Updated-09 Apr, 2025 | 14:44

The software interfaces to ASP and SMU may not enforce the SNP memory security policy resulting in a potential loss of integrity of guest memory in a confidential compute environment.

Product-milanpi-sp3_firmware romepi romepi_firmware milanpi-sp3 3rd Gen EPYC 2nd Gen EPYC

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2023-31355

Matching Score-6

Matching Score-6

CVSS Score-6||MEDIUM

EPSS-0.93% / 75.19%

7 Day CHG~0.00%

Published-05 Aug, 2024 | 16:04

Updated-26 Nov, 2024 | 19:10

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-787

Out-of-bounds Write

CVE-2021-46760

Matching Score-6

Matching Score-6

CVSS Score-9.8||CRITICAL

EPSS-0.23% / 45.42%

7 Day CHG~0.00%

Published-09 May, 2023 | 19:01

Updated-27 Jan, 2025 | 18:15

A malicious or compromised UApp or ABL can send a malformed system call to the bootloader, which may result in an out-of-bounds memory access that may potentially lead to an attacker leaking sensitive information or achieving code execution.

Product-ryzen_3975wx ryzen_3975wx_firmware ryzen_3955wx_firmware ryzen_3995wx ryzen_3955wx ryzen_3970x_firmware ryzen_3960x ryzen_3945wx_firmware ryzen_3970x ryzen_3990x ryzen_3960x_firmware ryzen_3995wx_firmware ryzen_3945wx ryzen_3990x_firmware 3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS

CWE ID-CWE-770

Allocation of Resources Without Limits or Throttling

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2021-26364

Matching Score-6

Matching Score-6

CVSS Score-5.5||MEDIUM

EPSS-0.08% / 23.53%

7 Day CHG+0.02%

Published-11 May, 2022 | 16:25

Updated-16 Sep, 2024 | 20:42

Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential denial of service.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2021-26378

Matching Score-6

Matching Score-6

CVSS Score-5.5||MEDIUM

EPSS-0.07% / 21.50%

7 Day CHG~0.00%

Published-11 May, 2022 | 16:23

Updated-16 Sep, 2024 | 20:22

Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2021-26352

Matching Score-6

Matching Score-6

CVSS Score-5.5||MEDIUM

EPSS-0.13% / 32.62%

7 Day CHG-0.01%

Published-10 May, 2022 | 18:26

Updated-16 Sep, 2024 | 16:58

Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2011-3359

Matching Score-4

Assigner-Red Hat, Inc.

Matching Score-4

Assigner-Red Hat, Inc.

CVSS Score-7.5||HIGH

EPSS-0.85% / 73.94%

7 Day CHG~0.00%

Published-24 May, 2012 | 23:00

Updated-11 Apr, 2025 | 00:51

The dma_rx function in drivers/net/wireless/b43/dma.c in the Linux kernel before 2.6.39 does not properly allocate receive buffers, which allows remote attackers to cause a denial of service (system crash) via a crafted frame.

Vendor-n/a Linux Kernel Organization, Inc

Product-linux_kernel n/a

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2025-8243

Matching Score-4

Assigner-VulDB

Matching Score-4

Assigner-VulDB

CVSS Score-8.7||HIGH

EPSS-0.33% / 55.31%

7 Day CHG~0.00%

Published-27 Jul, 2025 | 21:32

Updated-29 Jul, 2025 | 21:03

TOTOLINK X15 HTTP POST Request formMapDel buffer overflow

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formMapDel of the component HTTP POST Request Handler. The manipulation of the argument devicemac1 leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Vendor-TOTOLINK

Product-x15_firmware x15 X15

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE ID-CWE-787

Out-of-bounds Write

CVE-2025-8242

Matching Score-4

Assigner-VulDB

Matching Score-4

Assigner-VulDB

CVSS Score-8.7||HIGH

EPSS-0.40% / 59.98%

7 Day CHG~0.00%

Published-27 Jul, 2025 | 21:02

Updated-29 Jul, 2025 | 21:13

TOTOLINK X15 HTTP POST Request formFilter buffer overflow

A vulnerability has been found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument ip6addr/url/vpnPassword/vpnUser leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Vendor-TOTOLINK

Product-x15_firmware x15 X15

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2025-8245

Matching Score-4

Assigner-VulDB

Matching Score-4

Assigner-VulDB

CVSS Score-8.7||HIGH

EPSS-0.21% / 43.72%

7 Day CHG~0.00%

Published-27 Jul, 2025 | 22:32

Updated-29 Jul, 2025 | 21:12

TOTOLINK X15 HTTP POST Request formMultiAPVLAN buffer overflow

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAPVLAN of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Vendor-TOTOLINK

Product-x15_firmware x15 X15

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2018-7167

Matching Score-4

Assigner-Node.js

Matching Score-4

Assigner-Node.js

CVSS Score-7.5||HIGH

EPSS-0.95% / 75.39%

7 Day CHG~0.00%

Published-13 Jun, 2018 | 16:00

Updated-17 Sep, 2024 | 02:00

Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero fill instead of hanging in these cases. All versions of Node.js 6.x (LTS "Boron"), 8.x (LTS "Carbon"), and 9.x are vulnerable. All versions of Node.js 10.x (Current) are NOT vulnerable.

Vendor-Node.js (OpenJS Foundation)

Product-node.js Node.js

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2025-8246

Matching Score-4

Assigner-VulDB

Matching Score-4

Assigner-VulDB

CVSS Score-8.7||HIGH

EPSS-0.21% / 43.72%

7 Day CHG~0.00%

Published-27 Jul, 2025 | 23:02

Updated-29 Jul, 2025 | 21:13

TOTOLINK X15 HTTP POST Request formRoute buffer overflow

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formRoute of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Vendor-TOTOLINK

Product-x15_firmware x15 X15

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-20049

Matching Score-4

Assigner-Cisco Systems, Inc.

Matching Score-4

Assigner-Cisco Systems, Inc.

CVSS Score-8.6||HIGH

EPSS-1.09% / 77.08%

7 Day CHG~0.00%

Published-09 Mar, 2023 | 00:00

Updated-28 Oct, 2024 | 16:33

Cisco IOS XR Software for ASR 9000 Series Routers Bidirectional Forwarding Detection Denial of Service Vulnerability

A vulnerability in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of malformed BFD packets that are received on line cards where the BFD hardware offload feature is enabled. An attacker could exploit this vulnerability by sending a crafted IPv4 BFD packet to an affected device. A successful exploit could allow the attacker to cause line card exceptions or a hard reset, resulting in loss of traffic over that line card while the line card reloads.

Vendor-Cisco Systems, Inc.

Product-asr_9910 asr_9906 asr_9904 asr_9006 asr_9903 asr_9912 asr_9010 asr_9922 asr_9001 asr_9000v-v2 ios_xr asr_9902 asr_9901 Cisco IOS XR Software

CWE ID-CWE-805

Buffer Access with Incorrect Length Value

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2024-27879

Matching Score-4

Assigner-Apple Inc.

Matching Score-4

Assigner-Apple Inc.

CVSS Score-7.5||HIGH

EPSS-0.25% / 48.37%

7 Day CHG~0.00%

Published-16 Sep, 2024 | 23:22

Updated-12 Dec, 2024 | 16:07

The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18. An attacker may be able to cause unexpected app termination.

Vendor-Apple Inc.

Product-iphone_os ipados iOS and iPadOS iphone_os ipados

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2018-7838

Matching Score-4

Assigner-Schneider Electric

Matching Score-4

Assigner-Schneider Electric

CVSS Score-7.5||HIGH

EPSS-0.37% / 57.86%

7 Day CHG~0.00%

Published-15 Jul, 2019 | 20:49

Updated-05 Aug, 2024 | 06:37

A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives a FTP CWD command with a data length greater than 1020 bytes. A power cycle is then needed to reactivate the FTP service.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2018-5732

Matching Score-4

Assigner-Internet Systems Consortium (ISC)

Matching Score-4

Assigner-Internet Systems Consortium (ISC)

CVSS Score-7.5||HIGH

EPSS-2.37% / 84.32%

7 Day CHG~0.00%

Published-09 Oct, 2019 | 14:17

Updated-16 Sep, 2024 | 18:19

A specially constructed response from a malicious server can cause a buffer overflow in dhclient

Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0

Vendor-Internet Systems Consortium, Inc.

Product-dhcp ISC DHCP

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2021-38201

Matching Score-4

Assigner-MITRE Corporation

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-0.52% / 65.90%

7 Day CHG~0.00%

Published-08 Aug, 2021 | 19:26

Updated-04 Aug, 2024 | 01:37

net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations.

Vendor-n/a NetApp, Inc.Linux Kernel Organization, Inc

Product-linux_kernel hci_storage_node hci_management_node hci_bootstrap_os hci_compute_node element_software solidfire n/a

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2023-0613

Matching Score-4

Assigner-VulDB

Matching Score-4

Assigner-VulDB

CVSS Score-7.5||HIGH

EPSS-0.07% / 21.72%

7 Day CHG~0.00%

Published-01 Feb, 2023 | 13:40

Updated-02 Aug, 2024 | 05:17

TRENDnet TEW-811DRU httpd security.asp memory corruption

A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /wireless/security.asp of the component httpd. The manipulation leads to memory corruption. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219937 was assigned to this vulnerability.

Vendor-TRENDnet, Inc.

Product-tew-811dru_firmware tew-811dru TEW-811DRU

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2023-0618

Matching Score-4

Assigner-VulDB

Matching Score-4

Assigner-VulDB

CVSS Score-7.5||HIGH

EPSS-0.07% / 21.72%

7 Day CHG~0.00%

Published-01 Feb, 2023 | 16:49

Updated-02 Aug, 2024 | 05:17

TRENDnet TEW-652BRP Web Service cfg_op.ccp memory corruption

A vulnerability was found in TRENDnet TEW-652BRP 3.04B01. It has been declared as critical. This vulnerability affects unknown code of the file cfg_op.ccp of the component Web Service. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-219958 is the identifier assigned to this vulnerability.

Vendor-TRENDnet, Inc.

Product-tew-652brp_firmware tew-652brp TEW-652BRP

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-24476

Matching Score-4

Assigner-MITRE Corporation

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-0.95% / 75.46%

7 Day CHG~0.00%

Published-21 Feb, 2024 | 00:00

Updated-14 Apr, 2025 | 12:55

A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.

Vendor-n/a Wireshark Foundation Fedora Project

Product-wireshark fedora n/a wireshark

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2025-6824

Matching Score-4

Assigner-VulDB

Matching Score-4

Assigner-VulDB

CVSS Score-8.7||HIGH

EPSS-0.17% / 38.09%

7 Day CHG~0.00%

Published-28 Jun, 2025 | 20:00

Updated-01 Jul, 2025 | 00:33

TOTOLINK X15 HTTP POST Request formParentControl buffer overflow

A vulnerability classified as critical has been found in TOTOLINK X15 up to 1.0.0-B20230714.1105. Affected is an unknown function of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Vendor-TOTOLINK

Product-x15_firmware x15 X15

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2025-6393

Matching Score-4

Assigner-VulDB

Matching Score-4

Assigner-VulDB

CVSS Score-8.7||HIGH

EPSS-0.40% / 59.85%

7 Day CHG~0.00%

Published-21 Jun, 2025 | 01:00

Updated-09 Jul, 2025 | 18:43

TOTOLINK A702R/A3002R/A3002RU/EX1200T HTTP POST Request formIPv6Addr buffer overflow

A vulnerability was found in TOTOLINK A702R, A3002R, A3002RU and EX1200T 3.0.0-B20230809.1615/4.0.0-B20230531.1404/4.0.0-B20230721.1521/4.1.2cu.5232_B20210713. It has been classified as critical. Affected is an unknown function of the file /boafrm/formIPv6Addr of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Vendor-TOTOLINK

Product-a3002r_firmware a702r_firmware a3002r a3002ru a702r ex1200t_firmware ex1200t a3002ru_firmware A3002RU A702R EX1200T A3002R

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2024-22041

Matching Score-4

Assigner-Siemens

Matching Score-4

Assigner-Siemens

CVSS Score-7.5||HIGH

EPSS-0.20% / 42.65%

7 Day CHG~0.00%

Published-12 Mar, 2024 | 10:21

Updated-01 Aug, 2024 | 22:35

A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x IP6 (All versions), Cerberus PRO EN Fire Panel FC72x IP7 (All versions), Cerberus PRO EN Fire Panel FC72x IP8 (All versions < IP8 SR4), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.3.5618), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.3.5617), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions), Sinteso FS20 EN Fire Panel FC20 MP8 (All versions < MP8 SR4), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.3.5618), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.3.5617), Sinteso Mobile (All versions). The network communication library in affected systems improperly handles memory buffers when parsing X.509 certificates. This could allow an unauthenticated remote attacker to crash the network service.

Vendor-Siemens AG

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2022-47375

Matching Score-4

Assigner-Siemens

Matching Score-4

Assigner-Siemens

CVSS Score-7.5||HIGH

EPSS-0.30% / 53.03%

7 Day CHG~0.00%

Published-12 Dec, 2023 | 11:25

Updated-03 Aug, 2024 | 14:55

A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle long file names correctly. This could allow an attacker to create a buffer overflow and create a denial of service condition for the device.

CWE ID-CWE-805

Buffer Access with Incorrect Length Value

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2024-21916

Matching Score-4

Assigner-Rockwell Automation

Product-controllogix_5570_controller guardlogix_5570_controller controllogix_5570_redundant_controller_firmware controllogix_5570_redundant_controller guardlogix_5570_controller_firmware controllogix_5570_controller_firmware ControlLogix® 5570 redundant GuardLogix® 5570 ControlLogix® 5570 controllogix_5570_redundant_controller_firmware guardlogix_5570_controller_firmware controllogix_5570_controller_firmware

Matching Score-4

Assigner-Rockwell Automation

CVSS Score-8.6||HIGH

EPSS-0.51% / 65.55%

7 Day CHG~0.00%

Published-31 Jan, 2024 | 18:28

Updated-01 Aug, 2024 | 22:35

Rockwell Automation Denial-of-service Vulnerability in ICE1 Controller

A denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix ang GuardLogix controllers. If exploited, the product could potentially experience a major nonrecoverable fault (MNRF). The device will restart itself to recover from the MNRF.

Vendor-Rockwell Automation, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2018-4025

Matching Score-4

Assigner-Talos

Matching Score-4

Assigner-Talos

CVSS Score-7.5||HIGH

EPSS-0.18% / 39.49%

7 Day CHG~0.00%

Published-13 May, 2019 | 15:24

Updated-05 Aug, 2024 | 05:04

An exploitable denial-of-service vulnerability exists in the XML_GetRawEncJpg Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause an invalid memory dereference, resulting in a device reboot.

Vendor-anker-in n/a

Product-roav_dashcam_a1_firmware roav_dashcam_a1 Novatek

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2025-53715

Matching Score-4

Assigner-TP-Link Systems Inc.