cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-21981,https://securityvulnerability.io/vulnerability/CVE-2024-21981,Potential Security Risks in AMD Secure Processor Due to Improper Key Usage Control,"Improper key usage control in AMD Secure Processor
(ASP) may allow an attacker with local access who has gained arbitrary code
execution privilege in ASP to
extract ASP cryptographic keys, potentially resulting in loss of
confidentiality and integrity.",Amd,"Amd Epyc™ 7001 Series Processors,Amd Epyc™ 7002 Series Processors,Amd Epyc™ 7003 Series Processors,Amd Ryzen™ 3000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics,Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ 4000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ Threadripper™ 3000 Series Processors,Amd Ryzen™ Threadripper™ Pro 3000wx Series Processors,Amd Ryzen™ Threadripper™ Pro 5000wx Processors,Amd Athlon™ 3000 Series Mobile  Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Mobile Processor With Radeon™ Graphics,Amd Epyc™ Embedded 3000 Series Processors,Amd Epyc™ Embedded 7002 Series Processors,Amd Epyc™ Embedded 7003 Series Processors,Amd Ryzen™ Embedded R1000 Series Processors,Amd Ryzen™ Embedded R2000 Series Processors,Amd Ryzen™ Embedded 5000 Series Processors,Amd Ryzen™ Embedded V1000 Series Processors",5.7,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-08-13T16:54:58.122Z,0
CVE-2023-31356,https://securityvulnerability.io/vulnerability/CVE-2023-31356,Incomplete Memory Cleanup in SEV Firmware Could Lead to Data Integrity Loss,"Incomplete memory cleanup in AMD's SEV (Secure Encrypted Virtualization) firmware poses a significant risk where a privileged attacker may exploit this flaw to corrupt guest private memory. This vulnerability can lead to potential loss of data integrity, compromising the confidentiality and reliability of virtualized environments.",Amd,"Amd Epyc™ 7003 Processors,Amd Epyc™ 9004 Processors",4.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-08-13T16:54:23.979Z,0
CVE-2023-20591,https://securityvulnerability.io/vulnerability/CVE-2023-20591,Persistence of Untrusted Platform Configuration Risks Memory Access,"The vulnerability arises from the improper re-initialization of the Input/Output Memory Management Unit (IOMMU) during the Dynamic Root of Trust for Measurement (DRTM) event. This flaw may enable an untrusted platform configuration to persist, which could allow attackers to read or modify hypervisor memory. The repercussions of this vulnerability include potential threats to the confidentiality, integrity, and availability of the affected systems, marking significant concerns for users relying on AMD hypervisor technologies.",Amd,"Amd Epyc™ 7003  Series Processors,Amd Epyc™ 9004 Series Processors,Amd Epyc™ Embedded 7003 Series Processors,Amd Epyc™ Embedded 9003 Series Processors",10,CRITICAL,0.000910000002477318,false,false,false,false,,false,false,2024-08-13T16:53:23.681Z,0
CVE-2023-20584,https://securityvulnerability.io/vulnerability/CVE-2023-20584,Virtual Machine (VM) Integrity Bypass through IOMMU Misconfiguration,"The vulnerability arises from the way the IOMMU processes specific address ranges that contain invalid device table entries (DTEs). An attacker with the appropriate privileges, who has the ability to compromise a hypervisor, may exploit this flaw to generate DTE errors. Such errors can potentially allow the attacker to circumvent RMP (Reverse Memory Protection) checks within the SEV-SNP (Secure Encrypted Virtualization - Secure Nested Paging) environment. This may ultimately lead to a compromise of guest integrity, posing significant risks to virtualized environments relying on AMD's technology.",Amd,"Amd Epyc™ 7003 Processors,Amd Epyc™ 9004 Processors",6,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-08-13T16:53:18.373Z,0
CVE-2023-20578,https://securityvulnerability.io/vulnerability/CVE-2023-20578,Attackers Can Modify Communications Buffer for Arbitrary Code Execution,"A vulnerability exists in the AMD BIOS stemming from a Time-of-Check Time-of-Use (TOCTOU) issue. This flaw can be exploited by attackers who have ring0 privileges and access to critical system components such as the BIOS menu or UEFI shell. By leveraging this vulnerability, an attacker could potentially alter the communications buffer, leading to the execution of arbitrary code. This capability raises significant security concerns as it may allow unauthorized access and control over affected systems.",Amd,"Amd Epyc™ 7001 Processors,Amd Epyc™ 7002 Processors,Amd Epyc™ 7003 Processors,Amd Epyc™ 9004 Processors,Amd Ryzen™ 7000 Series Desktop Processors,Amd Ryzen™ Threadripper™ Pro 5000wx Processors,Amd Ryzen™ 7020 Series Processors With Radeon™ Graphics,Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7035 Series Processors With Radeon™ Graphics,Amd Epyc™ Embedded 3000,Amd Epyc™ Embedded 7002,Amd Epyc™ Embedded 7003,Amd Epyc™ Embedded 9003,Amd Ryzen™ Embedded 7000,Amd Ryzentm Embedded V3000",6.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-08-13T16:52:58.457Z,0
CVE-2023-20518,https://securityvulnerability.io/vulnerability/CVE-2023-20518,Potential Loss of Confidentiality Due to Incomplete BIOS Menu or UEFI Shell Cleanup,"A vulnerability exists in AMD's Advanced Security Platform due to incomplete cleanup processes. This flaw allows a privileged attacker, who has access to the BIOS menu or UEFI shell, to potentially expose the Master Encryption Key (MEK). The risk of memory exfiltration associated with this vulnerability may lead to a significant loss of confidentiality, allowing unauthorized access to sensitive information. Organizations using affected AMD products are urged to review their security measures and apply any available patches to mitigate the risks.",Amd,"Amd Epyc™ 9004 Series Processors,Amd Ryzen™ 3000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics,Amd Ryzen™ 7000 Series Desktop Processors,Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ 4000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ Threadripper™ 3000 Series Processors,Amd Ryzen™ Threadripper™ Pro 3000wx Series Processors,Amd Ryzen™ Threadripper™ Pro 5000wx Processors,Amd Athlon™ 3000 Series Mobile  Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Mobile Processor With Radeon™ Graphics,Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 7020 Series Processors With Radeon™ Graphics,Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7035 Series Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Processors With Radeon™ Graphics,Amd Ryzen™ Embedded R1000 Series Processors,Amd Ryzen™ Embedded R2000 Series Processors,Amd Ryzen™ Embedded 5000 Series Processors,Amd Ryzen™ Embedded 7000 Series Processors,Amd Ryzen™ Embedded V1000 Series Processors,Amd Ryzen™ Embedded V2000 Series Processors,Amd Ryzen™ Embedded V3000 Series Processors",1.9,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-08-13T16:52:55.976Z,0
CVE-2022-23817,https://securityvulnerability.io/vulnerability/CVE-2022-23817,Potential Privilege Escalation Vulnerability in ASP Secure OS,A security flaw exists in the ASP Secure OS due to insufficient validation of memory buffer operations. This vulnerability permits a malicious Trusted Application (TA) to access and modify the kernel's virtual address space. Such manipulation can result in unauthorized actions allowing the attacker to escalate privileges within the affected environment. The ramifications of this vulnerability underscore the necessity for robust security measures and timely updates to the affected systems.,Amd,"Amd Ryzen™ 3000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics,Amd Ryzen™ 7000 Series Desktop Processors,Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ 4000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ Threadripper™ 3000 Series Processors,Amd Ryzen™ Threadripper™ Pro 3000wx Series Processors,Amd Ryzen™ Threadripper™ Pro 5000wx Processors,Amd Athlon™ 3000 Series Mobile  Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Mobile Processor With Radeon™ Graphics,Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7035 Series Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7045 Series Mobile Processors,Amd Ryzen™ Embedded R1000 Series Processors,Amd Ryzen™ Embedded R2000 Series Processors,Amd Ryzen™ Embedded 5000 Series Processors,Amd Ryzen™ Embedded 7000 Series Processors,Amd Ryzen™ Embedded V1000 Series Processors,Amd Ryzen™ Embedded V2000 Series Processors,Amd Ryzen™ Embedded V3000 Series Processors",7,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-08-13T16:51:45.468Z,0
CVE-2022-23815,https://securityvulnerability.io/vulnerability/CVE-2022-23815,Out of Bounds Write Vulnerability in APCB Firmware Could Lead to Arbitrary Code Execution,"A security vulnerability exists in the AMD APCB firmware due to improper bounds checking. This flaw allows an attacker to execute out of bounds write operations, which may corrupt the APCB entry. Such corruption can lead to various security implications, including the potential for arbitrary code execution, posing significant risks to the integrity of affected systems.",Amd,"Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics,Amd Athlon™ 3000 Series Mobile  Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Mobile Processor With Radeon™ Graphics,Amd Ryzentm Embedded R1000,Amd Ryzentm Embedded R2000,Amd Ryzentm Embedded V1000",8.2,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-08-13T16:51:43.735Z,0
CVE-2021-46772,https://securityvulnerability.io/vulnerability/CVE-2021-46772,Tampering with SPI ROM Structure Headers Could Lead to Memory Corruption or Denial of Service,"An input validation flaw within AMD BIOS and UEFI firmware enables a privileged attacker with access to the BIOS menu or UEFI shell to manipulate structure headers in SPI ROM. This manipulation may lead to out-of-bounds memory read and write operations, resulting in potential memory corruption or denial of service. The vulnerability emphasizes the importance of securing access to BIOS settings and implementing stringent input validation measures to mitigate risk.",Amd,"Amd Epyc™ 7002 Series Processors,Amd Epyc™ 7003 Series Processors,Amd Ryzen™ 3000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics,Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ 4000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ Threadripper™ 3000 Series Processors,Amd Ryzen™ Threadripper™ Pro 3000wx Series Processors,Amd Ryzen™ Threadripper™ Pro 5000wx Processors,Amd Athlon™ 3000 Series Mobile  Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Mobile Processor With Radeon™ Graphics,Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 7020 Series Processors With Radeon™ Graphics,Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7035 Series Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Processors With Radeon™ Graphics,Amd Epyc™ Embedded 7002 Series Processors,Amd Epyc™ Embedded 7003 Series Processors,Amd Ryzen™ Embedded R1000 Series Processors,Amd Ryzen™ Embedded R2000 Series Processors,Amd Ryzen™ Embedded 5000 Series Processors,Amd Ryzen™ Embedded V1000 Series Processors,Amd Ryzen™ Embedded V2000 Series Processors,Amd Ryzen™ Embedded V3000 Series Processors",3.9,LOW,0.00044999999227002263,false,false,false,false,,false,false,2024-08-13T16:50:54.016Z,0
CVE-2021-46746,https://securityvulnerability.io/vulnerability/CVE-2021-46746,Potential Security Vulnerability in TEE Could Lead to Denial of Service,"A vulnerability exists in the ASP Secure OS Trusted Execution Environment (TEE) due to inadequate stack protection mechanisms. This flaw could be exploited by a privileged attacker who has access to AMD signing keys to manipulate the return address, leading to a stack-based buffer overrun. Such an attack may result in a denial of service, compromising the security and functionality of the affected systems. Organizations using AMD's TEE should implement necessary mitigations to protect against potential exploitation.",Amd,"Amd Epyc™ 7001 Processors,Amd Epyc™ 7002 Processors,Amd Epyc™ 7003 Processors,Amd Epyc™ 9004 Processors,Amd Ryzen™ 3000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics,Amd Ryzen™ 7000 Series Desktop Processors,Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ 4000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ Threadripper™ 3000 Series Processors,Amd Ryzen™ Threadripper™ Pro 3000wx Series Processors,Amd Ryzen™ Threadripper™ Pro 5000wx Processors,Amd Athlon™ 3000 Series Mobile  Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Mobile Processor With Radeon™ Graphics,Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 7020 Series Processors With Radeon™ Graphics,Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7035 Series Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7045 Series Mobile Processors,Amd Epyc™ Embedded 3000 Series Processors,Amd Epyc™ Embedded 7002 Series Processors,Amd Epyc™ Embedded 7003 Series Processors,Amd Epyc™ Embedded 9003 Series Processors,Amd Ryzen™ Embedded R1000 Series Processors,Amd Ryzen™ Embedded R2000 Series Processors,Amd Ryzen™ Embedded 5000 Series Processors,Amd Ryzen™ Embedded 7000 Series Processors,Amd Ryzen™ Embedded V1000 Series Processors,Amd Ryzen™ Embedded V2000 Series Processors,Amd Ryzen™ Embedded V3000 Series Processors",5.2,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-08-13T16:50:51.023Z,0
CVE-2021-26387,https://securityvulnerability.io/vulnerability/CVE-2021-26387,Potential Mapping of DRAM Regions in Protected Areas Could Lead to Loss of Platform Integrity,"An access control vulnerability within the ASP kernel of AMD products can be exploited by an attacker with privileged access. This scenario involves the attacker having access to AMD signing keys and the BIOS menu or UEFI shell. By leveraging this access, the attacker could potentially map DRAM regions in protected areas, which may compromise the integrity of the platform. It highlights a significant concern for users relying on AMD technologies who must ensure proper access controls are enforced to mitigate risks.",Amd,"Amd Epyc™ 7001 Series Processors,Amd Epyc™ 7002 Series Processors,Amd Epyc™ 7003 Series Processors,Amd Epyc™ 9004 Series Processors,Amd Ryzen™ 3000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics,Amd Ryzen™ 7000 Series Desktop Processors,Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ 4000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ Threadripper™ 3000 Series Processors,Amd Ryzen™ Threadripper™ Pro 3000wx Series Processors,Amd Ryzen™ Threadripper™ Pro 5000wx Processors,Amd Athlon™ 3000 Series Mobile  Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Mobile Processor With Radeon™ Graphics,Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7035 Series Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Processors With Radeon™ Graphics,Amd Epyc™ Embedded 3000 Series Processors,Amd Epyc™ Embedded 7002 Series Processors,Amd Epyc™ Embedded 7003 Series Processors,Amd Epyc™ Embedded 9003 Series Processors,Amd Ryzen™ Embedded R1000 Series Processors,Amd Ryzen™ Embedded R2000 Series Processors,Amd Ryzen™ Embedded 5000 Series Processors,Amd Ryzen™ Embedded V1000 Series Processors,Amd Ryzen™ Embedded V2000 Series Processors,Amd Ryzen™ Embedded V3000 Series Processors",3.9,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-08-13T16:50:22.151Z,0
CVE-2021-26367,https://securityvulnerability.io/vulnerability/CVE-2021-26367,Misconfiguration of TMRs May Lead to Loss of Integrity and Availability,"A security vulnerability exists in certain AMD processors wherein a malicious actor can exploit misconfigurations of Trusted Memory Regions (TMRs). This exploitation allows the attacker to define arbitrary address ranges for TMRs, which could lead to significant challenges concerning the integrity and availability of the system. It is essential for users of affected AMD products to be aware of this issue and to apply the available security updates provided by the vendor to mitigate risks.",Amd,"Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics,Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ 4000 Series Desktop Processors With Radeon™ Graphics,Amd Athlon™ 3000 Series Mobile  Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Mobile Processor With Radeon™ Graphics,Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Processors With Radeon™ Graphics,Amd Radeon™ Rx 6000 Series Graphics Cards,Amd Radeon™ Pro W6000 Series Graphics Cards,Amd Ryzen™ Embedded R1000 Series Processors,Amd Ryzen™ Embedded R2000 Series Processors,Amd Ryzen™ Embedded V1000 Series Processors,Amd Ryzen™ Embedded V2000 Series Processors",6,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-08-13T16:50:05.825Z,0
CVE-2021-26344,https://securityvulnerability.io/vulnerability/CVE-2021-26344,Potential Vulnerability in AMD PSP1 Configuration Block Could Allow Arbitrary Code Execution,"An out of bounds memory write vulnerability occurs when processing the AMD PSP1 Configuration Block (APCB), which could enable an attacker with necessary access to alter the BIOS image. This flaw could potentially be exploited to modify the APCB block, allowing for arbitrary code execution. Attackers capable of signing the modified BIOS images could leverage this vulnerability, potentially leading to severe security implications.",Amd,"Amd Epyc™ 7001 Series Processors,Amd Epyc™ 7002 Series Processors,Amd Epyc™ 7003 Series Processors,Amd Ryzen™ 3000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics,Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ 4000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ Threadripper™ 3000 Series Processors,Amd Ryzen™ Threadripper™ Pro 5000wx Processors,Amd Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 7020 Series Processors With Radeon™ Graphics,Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7035 Series Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Processors With Radeon™ Graphics,Amd Epyc™ Embedded 7002 Series Processors,Amd Epyc™ Embedded 3000 Series Processors,Amd Epyc™ Embedded 7003 Series Processors,Amd Ryzen™ Embedded R1000 Series Processors,Amd Ryzen™ Embedded R2000 Series Processors,Amd Ryzen™ Embedded 5000 Series Processors,Amd Ryzen™ Embedded V1000 Series Processors,Amd Ryzen™ Embedded V2000 Series Processors,Amd Ryzen™ Embedded V3000 Series Processors",8.2,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-08-13T16:49:52.889Z,0
CVE-2023-31315,https://securityvulnerability.io/vulnerability/CVE-2023-31315,Potential vulnerability in MSR could lead to arbitrary code execution,"CVE-2023-31315 is a potential vulnerability in AMD's model specific register (MSR) that could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution. The vulnerability affects the majority of AMD processors and has been patched by AMD in the Ryzen 3000 Series desktop processors. It has not been exploited by ransomware groups. Additionally, there are warnings about multiple cloud service provider attacks related to the Black Hat USA conference, and a potential vulnerability in Office that could lead to sensitive data leakage.",Amd,"3rd Gen Amd Epyc™ Processors,1st Gen Amd Epyc™ Processors,2nd Gen Amd Epyc™ Processors,4th Gen Amd Epyc™ Processors,Amd Epyc™ Embedded 3000,Amd Epyc™ Embedded 7002,Amd Epyc™ Embedded 7003,Amd Epyc™ Embedded 9003,Amd Ryzen™ Embedded R1000,Amd Ryzen™ Embedded R2000,Amd Ryzen™ Embedded 5000,Amd Ryzen™ Embedded 7000,Amd Ryzen™ Embedded V1000,Amd Ryzen™ Embedded V2000,Amd Ryzen™ Embedded V3000,Amd Ryzen™ 3000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics,Amd Ryzen™ 7000 Series Desktop Processors,Amd Ryzen™ 4000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ Threadripper™ 3000 Series Processors,Amd Ryzen™ Threadripper™ Pro Processors,Amd Ryzen™ Threadripper™ Pro 3000wx Series Processors,Amd Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Mobile Processor With Radeon™ Graphics,Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 7030 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 7040 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 7045 Series Mobile Processors,Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7020 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7035 Series Processors With Radeon™ Graphics,Amd Ryzen™ 8000 Series Processors With Radeon™ Graphics",7.5,HIGH,0.0004299999854993075,false,true,false,false,,false,false,2024-08-12T13:38:00.000Z,0
CVE-2024-21980,https://securityvulnerability.io/vulnerability/CVE-2024-21980,Possible Overwrite of Guest Memory or UMC Seed in SNP Firmware,"The vulnerability in AMD's SNP firmware arises from improper restrictions on write operations that could be exploited by a malicious hypervisor. This flaw allows unauthorized write actions, which could lead to overwriting a guest's memory or the UMC seed. Such an attack poses serious risks, including a potential breach of confidentiality and integrity, exposing sensitive information and disrupting system operations. Users of AMD's SNP Firmware are advised to assess their environments for this vulnerability and take appropriate measures to mitigate associated risks.",Amd,"3rd Gen Amd Epyc™ Processors,4th Gen Amd Epyc™ Processors,Amd Epyc™ Embedded 7003,Amd Epyc™ Embedded 9003",7.9,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-08-05T16:06:36.216Z,0
CVE-2024-21978,https://securityvulnerability.io/vulnerability/CVE-2024-21978,Hypervisor Memory Leakage Vulnerability Discovered,"The vulnerability in AMD's SEV-SNP relates to improper input validation, which may be exploited by a malicious hypervisor. This flaw enables unauthorized access to read or overwrite guest memory, potentially resulting in significant data leakage or corruption. System administrators and users of affected products should prioritize reviewing the associated vendor advisory for specific mitigation steps and affected versions.",Amd,"3rd Gen Amd Epyc™ Processors,4th Gen Amd Epyc™ Processors,Amd Epyc™ Embedded 7003,Amd Epyc™ Embedded 9003",7.9,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-08-05T16:05:34.019Z,0
CVE-2023-31355,https://securityvulnerability.io/vulnerability/CVE-2023-31355,Hackers Could Overwrite Memory of Decommissioned Guests Through Improper Write Restrictions,"A security flaw has been identified in AMD's Secure Nested Paging (SNP) firmware, stemming from an improper restriction of write operations. This vulnerability may allow a malicious hypervisor to overwrite a guest's unique memory configuration seed (UMC seed). The potential consequence includes the ability to access sensitive data from memory previously allocated to a decommissioned guest system. Consequently, this issue raises significant concerns regarding the isolation and security of virtualized environments, necessitating immediate attention and remediation.",Amd,"3rd Gen Amd Epyc™ Processors,4th Gen Amd Epyc™ Processors,Amd Epyc™ Embedded 7003,Amd Epyc™ Embedded 9003",6,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-08-05T16:04:24.813Z,0
CVE-2022-23829,https://securityvulnerability.io/vulnerability/CVE-2022-23829,Potential weakness in AMD SPI protection features may allow malicious attackers to bypass kernel mode protections,"A potential weakness in the SPI protection features of AMD systems enables a malicious actor with Ring0 (kernel mode) access to circumvent the built-in protections of the System Management Mode (SMM) ROM. This may lead to unauthorized access to critical system functions, potentially compromising the integrity of the entire system. Organizations utilizing affected AMD products should assess their security measures and enhance their defenses against potential exploitation.",Amd,"Amd Ryzen™ Threadripper™ Pro Processors 5900 Wx-series,Amd Ryzen™ 6000 Series Mobile Processors And Workstations,Amd Ryzen™ 7000 Series Desktop Processors,Amd Ryzen™ 5000 Series Mobile Processors,Amd Ryzen™ 5000 Series Desktop Processors,Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Desktop Processors,Amd Ryzen™ 4000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ 4000 Series Mobile Processors,Amd Ryzen™ 3000 Series Mobile Processor / 2nd Gen Amd Ryzen™ Mobile Processor With Radeon™ Graphics,Amd Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ Threadripper™ Pro Processor,1st Gen Amd Epyc™ Processors,2nd Gen Amd Epyc™ Processors,3rd Gen Amd Epyc™ Processors,Amd Epyc™ Embedded 3000,Amd Epyc (tm) Embedded 7002,Amd Epyc™ Embedded 7003,Amd Ryzentm Embedded R1000,Amd Ryzentm Embedded R2000,Amd Ryzentm Embedded 5000,Amd Ryzentm Embedded V1000,Amd Ryzentm Embedded V2000,Amd Ryzentm Embedded V3000",8.2,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-06-18T19:01:24.315Z,0
CVE-2023-20579,https://securityvulnerability.io/vulnerability/CVE-2023-20579,Potential Bypass of Integrity and Availability Protections in AMD SPI Protection Feature,"The vulnerability in AMD's SPI protection feature is associated with improper access controls that may enable a user with Ring0 (kernel mode) privileges to bypass security measures. This bypass could lead to significant risks, including potential loss of data integrity and system availability. Affected users should remain vigilant and apply recommended security updates as outlined in vendor advisories.",AMD,"AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics  ,AMD Ryzen™ 7000 Series Desktop Processor ,AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics ,AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics ,AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics ,AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics,AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics ,AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics ,AMD Ryzen™ 7045 Series Mobile Processors ,AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics ,AMD Ryzen™ Embedded V2000,AMD Ryzen™ Embedded V3000,AMD Ryzen™ 7035 Series Mobile Processors with Radeon™ Graphics ,AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics",6,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-02-13T19:32:11.904Z,0
CVE-2023-20587,https://securityvulnerability.io/vulnerability/CVE-2023-20587,"{""Arbitrary Code Execution Vulnerability in SMM's SPI Flash""}","An improper access control vulnerability in AMD's System Management Mode (SMM) may allow attackers unauthorized access to system components, specifically targeting the Serial Peripheral Interface (SPI) flash. This exploitation can potentially lead to arbitrary code execution, granting attackers elevated privileges and the ability to execute malicious code within the system. It is crucial for users and organizations utilizing AMD products to review their systems and apply necessary mitigations as outlined in AMD's security advisory.",AMD,"3rd Gen AMD EPYC™ Processors,4th Gen AMD EPYC™ Processors,1st Gen AMD EPYC™ Processors,2nd Gen AMD EPYC™ Processors,AMD EPYC(TM) Embedded 3000 ,AMD EPYC(TM) Embedded 7002 ,AMD EPYC(TM) Embedded 7003,AMD EPYC(TM) Embedded 9003",,,0.0004299999854993075,false,false,false,false,,false,false,2024-02-13T19:31:22.706Z,0
CVE-2023-31347,https://securityvulnerability.io/vulnerability/CVE-2023-31347,Guest Integrity at Risk Due to Code Bug in Secure TSC,"A code bug present in the SEV firmware related to the Secure TSC function has been identified, allowing an attacker with elevated privileges to influence the Time Stamp Counter (TSC) perceived by guests when Secure TSC is enabled. This manipulation could lead to a compromised state of guest integrity, potentially impacting the stability and reliability of the virtualized environment.",Amd,"3rd Gen Amd Epyc™ Processors,4th Gen Amd Epyc™ Processors",4.9,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-02-13T19:18:51.045Z,0
CVE-2023-31346,https://securityvulnerability.io/vulnerability/CVE-2023-31346,Privileged Attacker May Access Stale Data from Other Guests via Failure to Initialize Memory,"A vulnerability in AMD's SEV Firmware stems from a failure to properly initialize memory, creating a risk where a privileged attacker can access outdated data belonging to other virtual guests. This issue presents significant security implications for environments utilizing virtualization, as it may compromise the confidentiality of sensitive information processed by other users. Users of affected AMD SEV Firmware must prioritize remediation efforts to safeguard their virtualized workloads.",AMD,"3rd Gen AMD EPYC™ Processors,4th Gen AMD EPYC™ Processors ",6,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-02-13T19:18:19.089Z,0
CVE-2023-20573,https://securityvulnerability.io/vulnerability/CVE-2023-20573,Debug Exception Delivery in Secure Nested Paging,"A vulnerability exists wherein a privileged attacker can interfere with the delivery of debug exceptions to Secure Encrypted Virtualization (SEV) with Secure Nested Paging (SNP) guests. This action may prevent these guests from receiving the necessary debug information, potentially affecting overall system performance and security monitoring. The flaw raises significant concerns regarding the integrity and reliability of debugging processes within affected environments.",AMD,"3rd Gen AMD EPYC™ Processors,4th Gen AMD EPYC™ Processors",3.2,LOW,0.0004299999854993075,false,false,false,true,true,false,false,2024-01-11T13:53:52.581Z,0
CVE-2023-20571,https://securityvulnerability.io/vulnerability/CVE-2023-20571,,"A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation.


",AMD,"Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics  “Cezanne”,Ryzen™ 7000 Series Desktop Processors “Raphael” XD3,Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”,AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics ""Rembrandt"",AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”,AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics  “Barcelo”,AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”, Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics “Phoenix” FP7/FP7r2/FP8",8.1,HIGH,0.0017000000225380063,false,false,false,false,,false,false,2023-11-14T19:15:00.000Z,0
CVE-2023-20519,https://securityvulnerability.io/vulnerability/CVE-2023-20519,,"A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.


",Amd,"3rd Gen Amd Epyc™ Processors,4th Gen Amd Epyc™ Processors",3.3,LOW,0.0004299999854993075,false,false,false,false,,false,false,2023-11-14T19:15:00.000Z,0