cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-20578,https://securityvulnerability.io/vulnerability/CVE-2023-20578,Attackers Can Modify Communications Buffer for Arbitrary Code Execution,"A vulnerability exists in the AMD BIOS stemming from a Time-of-Check Time-of-Use (TOCTOU) issue. This flaw can be exploited by attackers who have ring0 privileges and access to critical system components such as the BIOS menu or UEFI shell. By leveraging this vulnerability, an attacker could potentially alter the communications buffer, leading to the execution of arbitrary code. This capability raises significant security concerns as it may allow unauthorized access and control over affected systems.",Amd,"Amd Epyc™ 7001 Processors,Amd Epyc™ 7002 Processors,Amd Epyc™ 7003 Processors,Amd Epyc™ 9004 Processors,Amd Ryzen™ 7000 Series Desktop Processors,Amd Ryzen™ Threadripper™ Pro 5000wx Processors,Amd Ryzen™ 7020 Series Processors With Radeon™ Graphics,Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7035 Series Processors With Radeon™ Graphics,Amd Epyc™ Embedded 3000,Amd Epyc™ Embedded 7002,Amd Epyc™ Embedded 7003,Amd Epyc™ Embedded 9003,Amd Ryzen™ Embedded 7000,Amd Ryzentm Embedded V3000",6.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-08-13T16:52:58.457Z,0
CVE-2023-20518,https://securityvulnerability.io/vulnerability/CVE-2023-20518,Potential Loss of Confidentiality Due to Incomplete BIOS Menu or UEFI Shell Cleanup,"A vulnerability exists in AMD's Advanced Security Platform due to incomplete cleanup processes. This flaw allows a privileged attacker, who has access to the BIOS menu or UEFI shell, to potentially expose the Master Encryption Key (MEK). The risk of memory exfiltration associated with this vulnerability may lead to a significant loss of confidentiality, allowing unauthorized access to sensitive information. Organizations using affected AMD products are urged to review their security measures and apply any available patches to mitigate the risks.",Amd,"Amd Epyc™ 9004 Series Processors,Amd Ryzen™ 3000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics,Amd Ryzen™ 7000 Series Desktop Processors,Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ 4000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ Threadripper™ 3000 Series Processors,Amd Ryzen™ Threadripper™ Pro 3000wx Series Processors,Amd Ryzen™ Threadripper™ Pro 5000wx Processors,Amd Athlon™ 3000 Series Mobile  Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Mobile Processor With Radeon™ Graphics,Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 7020 Series Processors With Radeon™ Graphics,Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7035 Series Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Processors With Radeon™ Graphics,Amd Ryzen™ Embedded R1000 Series Processors,Amd Ryzen™ Embedded R2000 Series Processors,Amd Ryzen™ Embedded 5000 Series Processors,Amd Ryzen™ Embedded 7000 Series Processors,Amd Ryzen™ Embedded V1000 Series Processors,Amd Ryzen™ Embedded V2000 Series Processors,Amd Ryzen™ Embedded V3000 Series Processors",1.9,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-08-13T16:52:55.976Z,0
CVE-2021-46772,https://securityvulnerability.io/vulnerability/CVE-2021-46772,Tampering with SPI ROM Structure Headers Could Lead to Memory Corruption or Denial of Service,"An input validation flaw within AMD BIOS and UEFI firmware enables a privileged attacker with access to the BIOS menu or UEFI shell to manipulate structure headers in SPI ROM. This manipulation may lead to out-of-bounds memory read and write operations, resulting in potential memory corruption or denial of service. The vulnerability emphasizes the importance of securing access to BIOS settings and implementing stringent input validation measures to mitigate risk.",Amd,"Amd Epyc™ 7002 Series Processors,Amd Epyc™ 7003 Series Processors,Amd Ryzen™ 3000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics,Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ 4000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ Threadripper™ 3000 Series Processors,Amd Ryzen™ Threadripper™ Pro 3000wx Series Processors,Amd Ryzen™ Threadripper™ Pro 5000wx Processors,Amd Athlon™ 3000 Series Mobile  Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Mobile Processor With Radeon™ Graphics,Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 7020 Series Processors With Radeon™ Graphics,Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7035 Series Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Processors With Radeon™ Graphics,Amd Epyc™ Embedded 7002 Series Processors,Amd Epyc™ Embedded 7003 Series Processors,Amd Ryzen™ Embedded R1000 Series Processors,Amd Ryzen™ Embedded R2000 Series Processors,Amd Ryzen™ Embedded 5000 Series Processors,Amd Ryzen™ Embedded V1000 Series Processors,Amd Ryzen™ Embedded V2000 Series Processors,Amd Ryzen™ Embedded V3000 Series Processors",3.9,LOW,0.00044999999227002263,false,false,false,false,,false,false,2024-08-13T16:50:54.016Z,0
CVE-2021-46746,https://securityvulnerability.io/vulnerability/CVE-2021-46746,Potential Security Vulnerability in TEE Could Lead to Denial of Service,"A vulnerability exists in the ASP Secure OS Trusted Execution Environment (TEE) due to inadequate stack protection mechanisms. This flaw could be exploited by a privileged attacker who has access to AMD signing keys to manipulate the return address, leading to a stack-based buffer overrun. Such an attack may result in a denial of service, compromising the security and functionality of the affected systems. Organizations using AMD's TEE should implement necessary mitigations to protect against potential exploitation.",Amd,"Amd Epyc™ 7001 Processors,Amd Epyc™ 7002 Processors,Amd Epyc™ 7003 Processors,Amd Epyc™ 9004 Processors,Amd Ryzen™ 3000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics,Amd Ryzen™ 7000 Series Desktop Processors,Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ 4000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ Threadripper™ 3000 Series Processors,Amd Ryzen™ Threadripper™ Pro 3000wx Series Processors,Amd Ryzen™ Threadripper™ Pro 5000wx Processors,Amd Athlon™ 3000 Series Mobile  Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Mobile Processor With Radeon™ Graphics,Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 7020 Series Processors With Radeon™ Graphics,Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7035 Series Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7045 Series Mobile Processors,Amd Epyc™ Embedded 3000 Series Processors,Amd Epyc™ Embedded 7002 Series Processors,Amd Epyc™ Embedded 7003 Series Processors,Amd Epyc™ Embedded 9003 Series Processors,Amd Ryzen™ Embedded R1000 Series Processors,Amd Ryzen™ Embedded R2000 Series Processors,Amd Ryzen™ Embedded 5000 Series Processors,Amd Ryzen™ Embedded 7000 Series Processors,Amd Ryzen™ Embedded V1000 Series Processors,Amd Ryzen™ Embedded V2000 Series Processors,Amd Ryzen™ Embedded V3000 Series Processors",5.2,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-08-13T16:50:51.023Z,0
CVE-2021-26344,https://securityvulnerability.io/vulnerability/CVE-2021-26344,Potential Vulnerability in AMD PSP1 Configuration Block Could Allow Arbitrary Code Execution,"An out of bounds memory write vulnerability occurs when processing the AMD PSP1 Configuration Block (APCB), which could enable an attacker with necessary access to alter the BIOS image. This flaw could potentially be exploited to modify the APCB block, allowing for arbitrary code execution. Attackers capable of signing the modified BIOS images could leverage this vulnerability, potentially leading to severe security implications.",Amd,"Amd Epyc™ 7001 Series Processors,Amd Epyc™ 7002 Series Processors,Amd Epyc™ 7003 Series Processors,Amd Ryzen™ 3000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics,Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ 4000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ Threadripper™ 3000 Series Processors,Amd Ryzen™ Threadripper™ Pro 5000wx Processors,Amd Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 7020 Series Processors With Radeon™ Graphics,Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7035 Series Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Processors With Radeon™ Graphics,Amd Epyc™ Embedded 7002 Series Processors,Amd Epyc™ Embedded 3000 Series Processors,Amd Epyc™ Embedded 7003 Series Processors,Amd Ryzen™ Embedded R1000 Series Processors,Amd Ryzen™ Embedded R2000 Series Processors,Amd Ryzen™ Embedded 5000 Series Processors,Amd Ryzen™ Embedded V1000 Series Processors,Amd Ryzen™ Embedded V2000 Series Processors,Amd Ryzen™ Embedded V3000 Series Processors",8.2,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-08-13T16:49:52.889Z,0
CVE-2023-31315,https://securityvulnerability.io/vulnerability/CVE-2023-31315,Potential vulnerability in MSR could lead to arbitrary code execution,"CVE-2023-31315 is a potential vulnerability in AMD's model specific register (MSR) that could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution. The vulnerability affects the majority of AMD processors and has been patched by AMD in the Ryzen 3000 Series desktop processors. It has not been exploited by ransomware groups. Additionally, there are warnings about multiple cloud service provider attacks related to the Black Hat USA conference, and a potential vulnerability in Office that could lead to sensitive data leakage.",Amd,"3rd Gen Amd Epyc™ Processors,1st Gen Amd Epyc™ Processors,2nd Gen Amd Epyc™ Processors,4th Gen Amd Epyc™ Processors,Amd Epyc™ Embedded 3000,Amd Epyc™ Embedded 7002,Amd Epyc™ Embedded 7003,Amd Epyc™ Embedded 9003,Amd Ryzen™ Embedded R1000,Amd Ryzen™ Embedded R2000,Amd Ryzen™ Embedded 5000,Amd Ryzen™ Embedded 7000,Amd Ryzen™ Embedded V1000,Amd Ryzen™ Embedded V2000,Amd Ryzen™ Embedded V3000,Amd Ryzen™ 3000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics,Amd Ryzen™ 7000 Series Desktop Processors,Amd Ryzen™ 4000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ Threadripper™ 3000 Series Processors,Amd Ryzen™ Threadripper™ Pro Processors,Amd Ryzen™ Threadripper™ Pro 3000wx Series Processors,Amd Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Mobile Processor With Radeon™ Graphics,Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 7030 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 7040 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 7045 Series Mobile Processors,Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7020 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7035 Series Processors With Radeon™ Graphics,Amd Ryzen™ 8000 Series Processors With Radeon™ Graphics",7.5,HIGH,0.0004299999854993075,false,true,false,false,,false,false,2024-08-12T13:38:00.000Z,0
CVE-2023-20579,https://securityvulnerability.io/vulnerability/CVE-2023-20579,Potential Bypass of Integrity and Availability Protections in AMD SPI Protection Feature,"The vulnerability in AMD's SPI protection feature is associated with improper access controls that may enable a user with Ring0 (kernel mode) privileges to bypass security measures. This bypass could lead to significant risks, including potential loss of data integrity and system availability. Affected users should remain vigilant and apply recommended security updates as outlined in vendor advisories.",AMD,"AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics  ,AMD Ryzen™ 7000 Series Desktop Processor ,AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics ,AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics ,AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics ,AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics,AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics ,AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics ,AMD Ryzen™ 7045 Series Mobile Processors ,AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics ,AMD Ryzen™ Embedded V2000,AMD Ryzen™ Embedded V3000,AMD Ryzen™ 7035 Series Mobile Processors with Radeon™ Graphics ,AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics",6,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-02-13T19:32:11.904Z,0
CVE-2023-20593,https://securityvulnerability.io/vulnerability/CVE-2023-20593,,"
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.


",Amd,"Ryzen™ 3000 Series Desktop Processors “matisse” Am4,Amd Ryzen™ 4000 Series Desktop Processors With Radeon™ Graphics “renoir” Am4,3rd Gen Amd Ryzen™ Threadripper™ Processors “castle Peak” Hedt,Ryzen™ Threadripper™ Pro Processors “castle Peak” Ws Sp3,Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics “lucienne”,Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics “renoir”,Ryzen™ 7020 Series Processors “mendocino” Ft6,2nd Gen Amd Epyc™ Processors",5.5,MEDIUM,0.0008900000248104334,false,true,false,true,true,false,false,2023-07-24T20:15:00.000Z,0