ByteOS

AMD Ryzen™ Threadripper™ 3000 Processors

Product

Default Status

affected

Versions

Unaffected

CastlePeakPI-SP3r3 1.0.0.C

Vendor

AMD Ryzen™ Threadripper™ PRO 5000 WX-Series Processors

Product

Default Status

affected

Versions

Unaffected

ChagallWSPI-sWRX8-1.0.0.7

Vendor

AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics

Product

Default Status

affected

Versions

Unaffected

CezannePI-FP6_1.0.1.0

Vendor

AMD Ryzen™ Threadripper™ PRO 3000 WX-Series Processors

Product

Default Status

affected

Versions

Unaffected

CastlePeakWSPI-sWRX8 1.0.0.E
ChagallWSPI-sWRX8-1.0.0.7

Vendor

AMD Ryzen™ 3000 Series Desktop Processors

Product

Default Status

affected

Versions

Unaffected

ComboAM4 1.0.0.B
ComboAM4v2PI_1.2.0.CA

Vendor

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics

Product

Default Status

affected

Versions

Unaffected

Picasso-FP5 1.0.1.1

Vendor

AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics

Product

Default Status

affected

Versions

Unaffected

Picasso-FP5 1.0.1.1

Vendor

AMD Ryzen™ 5000 Series Desktop Processors

Product

Default Status

affected

Versions

Unaffected

ComboAM4v2PI_1.2.0.CA

Vendor

AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics

Product

Default Status

affected

Versions

Unaffected

ComboAM4 1.0.0.B

Vendor

AMD Ryzen™ 8000 Series Desktop Processors

Product

Default Status

affected

Versions

Unaffected

ComboAM5 1.2.0.0

Vendor

AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics

Product

Default Status

affected

Versions

Unaffected

PhoenixPI-FP8-FP7_1.1.0.2

Vendor

AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics

Product

Default Status

affected

Versions

Unaffected

Renoir-FP6 1.0.0.D

Vendor

AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics

Product

Default Status

affected

Versions

Unaffected

Rembrandt-FP7 1.0.0.A

Vendor

AMD Ryzen™ 7000 Series Desktop Processors

Product

Default Status

affected

Versions

Unaffected

ComboAM5 1.2.0.0

Vendor

AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics

Product

Default Status

affected

Versions

Unaffected

MendocinoPI-FT6_1.0.0.6

Vendor

AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ Graphics

Product

Default Status

affected

Versions

Unaffected

DragonRangeFL1 1.0.0.3d

Vendor

AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics

Product

Default Status

affected

Versions

Unaffected

Rembrandt-FP7 1.0.0.A

Vendor

AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics

Product

Default Status

affected

Versions

Unaffected

CezannePI-FP6_1.0.1.0

Vendor

AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics

Product

Default Status

affected

Versions

Unaffected

ComboAM4v2PI_1.2.0.CA

Vendor

AMD Ryzen™ 4000 Series Desktop Processors

Product

Default Status

affected

Versions

Unaffected

ComboAM4v2PI_1.2.0.CA

Vendor

AMD Ryzen™ Embedded R1000 Series Processors

Product

Default Status

affected

Versions

Unaffected

EmbeddedPI-FP5 120C

Vendor

AMD Ryzen™ Embedded R2000 Series Processors

Product

Default Status

affected

Versions

Unaffected

EmbeddedR2KPI-FP5_1003

Vendor

AMD Ryzen™ Embedded 5000 Series Processors

Product

Default Status

affected

Versions

Unaffected

EmbAM4PI 1.0.0.5

Vendor

AMD Ryzen™ Embedded V1000 Series Processors

Product

Default Status

affected

Versions

Unaffected

EmbeddedPI-FP5 120C

Vendor

AMD Ryzen™ Embedded V2000 Series Processors

Product

Default Status

affected

Versions

Unaffected

EmbeddedPI-FP6_1.0.0.A

Vendor

AMD Ryzen™ Embedded V3000 Series Processors

Product

Default Status

affected

Versions

Unaffected

Embedded-PI_FP7r2 1009

Problem Types

Type	CWE ID	Description
CWE	CWE-1220	CWE-1220 Insufficient Granularity of Access Control

Type: CWE

CWE ID: CWE-1220

Description: CWE-1220 Insufficient Granularity of Access Control

Metrics

Version	Base score	Base severity	Vector
3.1	7.5	HIGH	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Credits

finder

Reported through AMD Bug Bounty Program

References

Hyperlink	Resource
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4012.html	N/A
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html	N/A

Hyperlink: https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4012.html

Resource: N/A

Hyperlink: https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html

Resource: N/A

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:psirt@amd.com

Published At:06 Sep, 2025 | 18:15

Updated At:23 Sep, 2025 | 22:15

Improper input validation in the system management mode (SMM) could allow a privileged attacker to overwrite arbitrary memory potentially resulting in arbitrary code execution at the SMM level.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.5	HIGH	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Weaknesses

CWE ID	Type	Source
CWE-1220	Secondary	psirt@amd.com

CWE ID: CWE-1220

Type: Secondary

Source: psirt@amd.com

References

Hyperlink	Source	Resource
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4012.html	psirt@amd.com	N/A
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html	psirt@amd.com	N/A

Hyperlink: https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4012.html

Source: psirt@amd.com

Resource: N/A

Hyperlink: https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html

Source: psirt@amd.com

Resource: N/A

Similar CVEs

12Records found

CVE-2023-31342

Matching Score-10

Matching Score-10

CVSS Score-7.5||HIGH

EPSS-0.02% / 4.85%

7 Day CHG~0.00%

Published-11 Feb, 2025 | 22:24

Updated-23 Sep, 2025 | 22:15

Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.

CWE ID-CWE-1220

Insufficient Granularity of Access Control

CVE-2023-31343

Matching Score-10

Matching Score-10

CVSS Score-7.5||HIGH

EPSS-0.02% / 4.85%

7 Day CHG~0.00%

Published-11 Feb, 2025 | 22:35

Updated-23 Sep, 2025 | 22:15

Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.

CWE ID-CWE-1220

Insufficient Granularity of Access Control

CVE-2023-31315

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-0.03% / 9.68%

7 Day CHG~0.00%

Published-09 Aug, 2024 | 17:08

Updated-12 Sep, 2024 | 12:56

Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.

Product-AMD Ryzen™ Embedded V3000 AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics AMD Ryzen™ Embedded 5000 AMD EPYC™ Embedded 7003 3rd Gen AMD EPYC™ Processors AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics AMD Ryzen™ 5000 Series Desktop Processors AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics AMD Ryzen™ Embedded R2000 1st Gen AMD EPYC™ Processors AMD Ryzen™ Embedded V2000 AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics 4th Gen AMD EPYC™ Processors AMD Ryzen™ Threadripper™ PRO Processors AMD Ryzen™ Embedded V1000 AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics AMD EPYC™ Embedded 9003 AMD EPYC™ Embedded 7002 AMD Ryzen™ 7045 Series Mobile Processors AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors AMD Ryzen™ 3000 Series Desktop Processors AMD Ryzen™ 8000 Series Processors with Radeon™ Graphics AMD Ryzen™ Embedded 7000 2nd Gen AMD EPYC™ Processors AMD Ryzen™ 7000 Series Desktop Processors AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics AMD Ryzen™ Embedded R1000 AMD Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics AMD EPYC™ Embedded 3000 AMD Ryzen™ Threadripper™ 3000 Series Processors AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics ryzen_4000_series_mobile_processors_with_radeon_graphics ryzen_5000_series_desktop_processors ryzen_threadripper_pro_processors epyc_embedded_9003 epyc_embedded_7003 ryzen_threadripper_pro_3000wx_series_processors ryzen_7040_series_mobile_processors_with_radeon_graphics ryzen_embedded_v1000 epyc_embedded_7002 ryzen_embedded_v2000 ryzen_5000_series_desktop_processors_with_radeon_graphics ryzen_embedded_7000 ryzen_embedded_v3000 ryzen_3000_series_desktop_processors athlon_3000_series_mobile_processors_with_radeon_graphics ryzen_3000_series_desktop_processors_with_radeon_graphics epyc_embedded_3000 2nd_gen_amd_epyc_processors ryzen_8000_series_processors_with_radeongraphics 4th_gen_amd_epyc_processors 1st_gen_amd_epyc_processors ryzen_7020_processors_with_radeongraphics ryzen_embedded_r1000 3rd_gen_amd_epyc_processors ryzen_threadripper_3000_series_processors ryzen_4000_series_desktop_processors_with_radeon_graphics ryzen_7030_series-mobile_processors_with_radeon_graphics ryzen_7045_series_mobile_processors ryzen_7000_desktop_processors ryzen_7035_processors_with_radeongraphics ryzen_embedded_r2000 ryzen_5000_series_mobile_processors_with_radeon_graphics ryzen_embedded_5000 ryzen_6000_processors_with_radeongraphics

CWE ID-CWE-94

Improper Control of Generation of Code ('Code Injection')

CVE-2023-31345

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-0.02% / 4.85%

7 Day CHG~0.00%

Published-11 Feb, 2025 | 23:49

Updated-23 Sep, 2025 | 22:15

Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.

CWE ID-CWE-1274

Improper Access Control for Volatile Memory Containing Boot Code

CVE-2024-36354

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-0.01% / 0.81%

7 Day CHG~0.00%

Published-06 Sep, 2025 | 18:06

Updated-23 Sep, 2025 | 22:15

Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to bypass SMM isolation potentially resulting in arbitrary code execution at the SMM level.

CWE ID-CWE-1231

Improper Prevention of Lock Bit Modification

CVE-2023-20578

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-0.08% / 22.63%

7 Day CHG~0.00%

Published-13 Aug, 2024 | 16:52

Updated-18 Mar, 2025 | 20:15

A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution.

Product-epyc_9224 epyc_7303 epyc_7f32 epyc_9754s_firmware epyc_7272_firmware epyc_7313p epyc_7402p_firmware epyc_7663_firmware epyc_7301 epyc_7662_firmware epyc_9254_firmware epyc_7203p epyc_7313p_firmware epyc_9174f_firmware epyc_9384x_firmware epyc_7551_firmware epyc_7232p_firmware epyc_7443p epyc_9634 epyc_7203 epyc_7252_firmware epyc_7551p epyc_7742 epyc_7262 epyc_8324p epyc_7663 epyc_9124_firmware epyc_7713 epyc_7371_firmware epyc_9684x epyc_7351p_firmware epyc_7262_firmware epyc_7501 epyc_7552 epyc_7451_firmware epyc_8434pn_firmware epyc_9454p_firmware epyc_7773x_firmware epyc_7302p_firmware epyc_9754s epyc_72f3_firmware epyc_7543p epyc_7573x_firmware epyc_8534pn epyc_7702p_firmware epyc_7702p epyc_7702_firmware epyc_9124 epyc_9224_firmware epyc_7502 epyc_7513_firmware epyc_8534p epyc_7763 epyc_8224p_firmware epyc_7h12_firmware epyc_7281 epyc_9754_firmware epyc_7543_firmware epyc_7001_firmware epyc_8024pn epyc_7473x epyc_75f3 epyc_8434p epyc_9354 epyc_8434pn epyc_74f3 epyc_7303p epyc_9474f epyc_9634_firmware epyc_7502p_firmware epyc_7302p epyc_9684x_firmware epyc_9384x epyc_8534p_firmware epyc_9554p epyc_72f3 epyc_7552_firmware epyc_7272 epyc_8224pn epyc_8124p_firmware epyc_7453_firmware epyc_7713p_firmware epyc_9334_firmware epyc_74f3_firmware epyc_7282_firmware epyc_7473x_firmware epyc_7281_firmware epyc_7001 epyc_7f72_firmware epyc_7642_firmware epyc_7401 epyc_7f52_firmware epyc_7f72 epyc_9734 epyc_7502p epyc_7551p_firmware epyc_9184x epyc_7371 epyc_9654 epyc_8324pn epyc_8124pn epyc_7663p epyc_7343 epyc_7313 epyc_7402_firmware epyc_7402p epyc_9454_firmware epyc_7742_firmware epyc_7542_firmware epyc_8124pn_firmware epyc_7413_firmware epyc_9654p_firmware epyc_9474f_firmware epyc_9534 epyc_9374f epyc_7643_firmware epyc_7261 epyc_7452_firmware epyc_7642 epyc_7401_firmware epyc_7f32_firmware epyc_7203p_firmware epyc_7543p_firmware epyc_7601 epyc_9654_firmware epyc_7251 epyc_7352_firmware epyc_9554_firmware epyc_7763_firmware epyc_9654p epyc_9454p epyc_7252 epyc_7232p epyc_7543 epyc_7301_firmware epyc_7713_firmware epyc_7643 epyc_7663p_firmware epyc_7662 epyc_8224pn_firmware epyc_7351 epyc_7502_firmware epyc_9274f_firmware epyc_7532 epyc_7501_firmware epyc_7343_firmware epyc_7643p epyc_7702 epyc_7573x epyc_9534_firmware epyc_7302 epyc_7303_firmware epyc_7513 epyc_9184x_firmware epyc_7413 epyc_7453 epyc_9354_firmware epyc_8224p epyc_9374f_firmware epyc_7443p_firmware epyc_75f3_firmware epyc_7h12 epyc_7401p_firmware epyc_7282 epyc_7251_firmware epyc_7373x_firmware epyc_9254 epyc_9354p_firmware epyc_7551 epyc_8024p epyc_7443_firmware epyc_7443 epyc_8024p_firmware epyc_7203_firmware epyc_7402 epyc_9554p_firmware epyc_7313_firmware epyc_7601_firmware epyc_9734_firmware epyc_7643p_firmware epyc_7542 epyc_7452 epyc_7352 epyc_7261_firmware epyc_8324p_firmware epyc_9354p epyc_7451 epyc_9174f epyc_7351_firmware epyc_7773x epyc_7373x epyc_7532_firmware epyc_73f3 epyc_8434p_firmware epyc_9274f epyc_8534pn_firmware epyc_7713p epyc_9754 epyc_7401p epyc_7f52 epyc_8124p epyc_9454 epyc_8324pn_firmware epyc_9334 epyc_7302_firmware epyc_8024pn_firmware epyc_73f3_firmware epyc_7303p_firmware epyc_9554 epyc_7351p AMD EPYC™ Embedded 3000 AMD Ryzen™ Embedded 7000 AMD EPYC™ 7001 Processors AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics AMD EPYC™ 7003 Processors AMD EPYC™ Embedded 7003 AMD EPYC™ 9004 Processors AMD EPYC™ 7002 Processors AMD RyzenTM Embedded V3000 AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics AMD EPYC™ Embedded 9003 AMD EPYC™ Embedded 7002 AMD Ryzen™ Threadripper™ PRO 5000WX Processors AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics AMD Ryzen™ 7000 Series Desktop Processors epyc_embedded_7002 epyc_embedded_7003 epyc_embedded_3000 epyc_7001 epyc_embedded_9003 epyc_7002 epyc_9004 ryzen_embedded_7000 ryzen_embedded_v3000

CWE ID-CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

CVE-2022-23815

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-0.08% / 24.09%

7 Day CHG~0.00%

Published-13 Aug, 2024 | 16:51

Updated-18 Mar, 2025 | 21:15

Improper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, corrupting the APCB entry, potentially leading to arbitrary code execution.

Product-ryzen_5_3580u athlon_gold_pro_3150g ryzen_3_3200u_firmware athlon_pro_300ge_firmware ryzen_5_3550h athlon_pro_300ge ryzen_7_3700u_firmware athlon_gold_3150g_firmware athlon_gold_pro_3150ge ryzen_5_3550h_firmware ryzen_7_3780u ryzen_3_3300u_firmware ryzen_5_3500u_firmware athlon_gold_pro_3150ge_firmware ryzen_7_3750h_firmware ryzen_7_pro_3700u athlon_gold_pro_3150g_firmware ryzen_7_pro_3700u_firmware ryzen_7_3780u_firmware ryzen_3_3250u_firmware athlon_gold_3150u athlon_silver_3050u ryzen_3_3250u ryzen_5_3580u_firmware ryzen_3_3300u athlon_silver_3050u_firmware ryzen_7_3750h ryzen_7_3700u athlon_gold_3150u_firmware athlon_gold_3150g ryzen_5_3500u ryzen_3_3200u AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics AMD RyzenTM Embedded R1000 AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics AMD RyzenTM Embedded V1000 AMD RyzenTM Embedded R2000 AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics ryzen_embedded_r1000 athlon_3000g ryzen_embedded_v1000 ryzen_embedded_r2000

CWE ID-CWE-787

Out-of-bounds Write

CVE-2022-23820

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-0.18% / 40.04%

7 Day CHG~0.00%

Published-14 Nov, 2023 | 18:52

Updated-03 Aug, 2024 | 03:51

Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.

CWE ID-CWE-20

Improper Input Validation

CVE-2025-48514

Matching Score-6

Matching Score-6

CVSS Score-4||MEDIUM

EPSS-0.01% / 1.54%

7 Day CHG~0.00%

Published-10 Feb, 2026 | 19:14

Updated-11 Feb, 2026 | 14:54

Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potentially resulting in a loss of confidentiality.

Product-AMD EPYC™ Embedded 7003 Series Processors AMD EPYC™ Embedded 9005 Series Processors AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Genoa")AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Bergamo")AMD EPYC™ 9004 Series Processors AMD EPYC™ 7003 Series Processors AMD EPYC™ 9005 Series Processors AMD EPYC™ 8004 Series Processors AMD EPYC™ Embedded 8004 Series Processors

CWE ID-CWE-1220

Insufficient Granularity of Access Control

CVE-2025-48517

Matching Score-6

Matching Score-6

CVSS Score-4.6||MEDIUM

EPSS-0.01% / 1.54%

7 Day CHG~0.00%

Published-10 Feb, 2026 | 19:08

Updated-10 Feb, 2026 | 21:51

Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range meant for SEV-SNP guests potentially resulting in a partial loss of confidentiality.

Product-AMD EPYC™ 9005 Series Processors AMD EPYC™ Embedded 9005 Series Processors

CWE ID-CWE-1220

Insufficient Granularity of Access Control

CVE-2024-21971

Matching Score-6

Matching Score-6

CVSS Score-5.5||MEDIUM

EPSS-0.03% / 7.69%

7 Day CHG~0.00%

Published-12 Feb, 2025 | 00:01

Updated-23 Sep, 2025 | 22:15

Improper input validation in AMD Crash Defender could allow an attacker to provide the Windows® system process ID to a kernel-mode driver, resulting in an operating system crash, potentially leading to denial of service.

CWE ID-CWE-1220

Insufficient Granularity of Access Control

CVE-2024-33058

Matching Score-4

Assigner-Qualcomm, Inc.