cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-31345,https://securityvulnerability.io/vulnerability/CVE-2023-31345,Improper Input Validation in AMD Products Leading to Potential Code Execution,"An improper input validation issue exists in the System Management Mode (SMM) handler of certain AMD processors. This vulnerability may allow a privileged attacker to manipulate the System Management RAM (SMRAM), which can potentially lead to unauthorized execution of arbitrary code. Attackers exploiting this flaw could gain increased privileges and perform malicious activities, making it crucial for users and organizations to apply the latest security patches and mitigate risks.",Amd,"Amd Epyc™ 7003 Processors,Amd Epyc™ 9004 Processors,Amd Instinct™ Mi300a,Amd Ryzen™ 3000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics,Amd Ryzen™ 7000 Series Desktop Processors,Amd Ryzen™ 4000 Series Desktop Processor With Radeon™ Graphics,Amd Ryzen™ 8000 Series Processor With Radeon™ Graphics,Amd Ryzen™ Threadripper™ Pro 5000wx- Series Desktop Processors,Amd Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Mobile Processor With Radeon™ Graphics,Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7020 Series Processors With Radeon™ Graphics,Amd Ryzen™ 6000 Series Processor With Radeon™ Graphics,Amd Ryzen™ 7035 Series Processor With Radeon™ Graphics,Amd Ryzen™ 7040 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7000 Series Mobile Processors,Amd Epyc™ Embedded 7003,Amd Epyc™ Embedded 9004,Amd Ryzen™ Embedded 5000,Amd Ryzen™ Embedded 7000,Amd Ryzen™ Embedded V2000,Amd Ryzen™ Embedded V3000",7.5,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-02-12T00:15:00.000Z,0
CVE-2023-31352,https://securityvulnerability.io/vulnerability/CVE-2023-31352,Memory Exposure Vulnerability in SEV Firmware by AMD,"A flaw in the SEV firmware could potentially let an attacker with the right privileges access sensitive unencrypted memory. This breach may enable unauthorized access to guest private data, posing a significant risk to data privacy and security. Organizations leveraging AMD's SEV technology should remain vigilant and apply the necessary security measures.",Amd,"Amd Epyc™ 9004 Processors,Amd Epyc™ Embedded 9004",6,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T22:44:28.001Z,0
CVE-2023-31343,https://securityvulnerability.io/vulnerability/CVE-2023-31343,Improper Input Validation in SMM Handler on AMD Products,"The vulnerability arises from improper input validation in the System Management Mode (SMM) handler of various AMD processors, which could be exploited by a privileged attacker. If successfully exploited, this flaw allows the attacker to overwrite the System Management RAM (SMRAM), possibly enabling arbitrary code execution. This opens up significant security risks for systems utilizing these AMD products, making it critical to maintain up-to-date firmware and apply recommended security updates promptly.",Amd,"Amd Epyc™ 7003 Processors,Amd Epyc™ 9004 Processors,Amd Instinct™ Mi300a,Amd Ryzen™ 3000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics,Amd Ryzen™ 7000 Series Desktop Processors,Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ 4000 Series Desktop Processor With Radeon™ Graphics,Amd Ryzen™ 8000 Series Processor With Radeon™ Graphics,Amd Ryzen™ Threadripper™ Pro 5000wx- Series Desktop Processors,Amd Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Mobile Processor With Radeon™ Graphics,Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7020 Series Processors With Radeon™ Graphics,Amd Ryzen™ 6000 Series Processor With Radeon™ Graphics,Amd Ryzen™ 7035 Series Processor With Radeon™ Graphics,Amd Ryzen™ 7040 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7000 Series Mobile Processors,Amd Epyc™ Embedded 7003,Amd Epyc™ Embedded 9004,Amd Ryzen™ Embedded R1000,Amd Ryzen™ Embedded R2000,Amd Ryzen™ Embedded 5000,Amd Ryzen™ Embedded 7000,Amd Ryzen™ Embedded V2000,Amd Ryzen™ Embedded V3000",7.5,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-02-11T22:35:04.110Z,0
CVE-2023-31342,https://securityvulnerability.io/vulnerability/CVE-2023-31342,Improper Input Validation in SMM Handler Affects AMD Products,"A vulnerability exists in the System Management Mode (SMM) handler of certain AMD processors due to improper input validation. This security flaw enables a privileged attacker to overwrite System Management RAM (SMRAM), which may potentially lead to arbitrary code execution. It is essential for users and administrators of affected AMD products to apply security best practices and updates to mitigate this risk.",Amd,"Amd Epyc™ 7003 Processors,Amd Epyc™ 9004 Processors,Amd Instinct™ Mi300a,Amd Ryzen™ 3000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics,Amd Ryzen™ 7000 Series Desktop Processors,Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ 4000 Series Desktop Processor With Radeon™ Graphics,Amd Ryzen™ 8000 Series Processor With Radeon™ Graphics,Amd Ryzen™ Threadripper™ Pro 5000wx- Series Desktop Processors,Amd Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Mobile Processor With Radeon™ Graphics,Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7020 Series Processors With Radeon™ Graphics,Amd Ryzen™ 6000 Series Processor With Radeon™ Graphics,Amd Ryzen™ 7035 Series Processor With Radeon™ Graphics,Amd Ryzen™ 7040 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7000 Series Mobile Processors,Amd Epyc™ Embedded 7003,Amd Epyc™ Embedded 9004,Amd Ryzen™ Embedded R1000,Amd Ryzen™ Embedded R2000,Amd Ryzen™ Embedded 5000,Amd Ryzen™ Embedded 7000,Amd Ryzen™ Embedded V2000,Amd Ryzen™ Embedded V3000",7.5,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-02-11T22:24:02.153Z,0
CVE-2023-20582,https://securityvulnerability.io/vulnerability/CVE-2023-20582,Improper Handling of Nested Page Table Entries in AMD Products,"An improper handling of invalid nested page table entries in AMD's IOMMU could allow an attacker with privileged access to induce faults in page table entries, potentially circumventing RMP checks within the Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) framework. This flaw poses serious risks to the integrity of guest memory, potentially affecting the security of virtualized environments.",Amd,"Amd Epyc™ 9004 Processors,Amd Epyc™ Embedded 9004",5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T21:35:15.949Z,0
CVE-2023-20581,https://securityvulnerability.io/vulnerability/CVE-2023-20581,Improper Access Control in IOMMU Affects AMD Products,"The vulnerability arises from inadequate access control mechanisms in the IOMMU, enabling a privileged attacker to circumvent the Rapid Memory Protection (RMP) checks. This could lead to significant risks concerning the integrity of guest memory, potentially allowing unauthorized access or manipulation of memory spaces within virtualized environments. It is crucial for affected users to refer to AMD's security bulletins for guidance on mitigation and remediation strategies.",Amd,"Amd Epyc™ 9004 Processors,Amd Epyc™ Embedded 9004",2.5,LOW,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T21:26:11.128Z,0
CVE-2024-21925,https://securityvulnerability.io/vulnerability/CVE-2024-21925,Improper Input Validation in AmdPspP2CmboxV2 Driver by AMD,"The AmdPspP2CmboxV2 driver from AMD contains an improper input validation issue that could allow a privileged attacker to manipulate system memory. By exploiting this vulnerability, an attacker may overwrite SMRAM, leading to potential arbitrary code execution and compromising system integrity. This flaw underscores the importance of rigorous input validation processes in driver development to ensure system security.",Amd,"Amd Epyc™ 7001 Processors,Amd Epyc™ 7002 Processors,Amd Epyc™ 9004 Processors,Amd Epyc™ 7003 Processors,Amd Ryzen™ 3000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics,Amd Ryzen™ 7000 Series Desktop Processors,Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ 4000 Series Desktop Processor With Radeon™ Graphics,Amd Ryzen™ 8000 Series Processor With Radeon™ Graphics,Amd Ryzen™ Threadripper™ 3000 Series Processors,Amd Ryzen™ Threadripper™ Pro 3000wx Series Processors,Amd Ryzen™ Threadripper™ Pro 5000wx- Series Desktop Processors,Amd Ryzen™ Threadripper™ Pro 7000 Wx-series Processors,Amd Athlon™ 3000 Series Mobile  Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Mobile Processor With Radeon™ Graphics,Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7020 Series Processors With Radeon™ Graphics,Amd Ryzen™ 6000 Series Processor With Radeon™ Graphics,Amd Ryzen™ 7035 Series Processor With Radeon™ Graphics,Amd Ryzen™ 7040 Series Processors With Radeon™ Graphics,Amd Ryzen™ 8040 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 7000 Series Mobile Processors,Amd Epyc™ Embedded 3000,Amd Epyc™ Embedded 7002,Amd Epyc™ Embedded 7003,Amd Epyc™ Embedded 9004,Amd Ryzen™ Embedded 5000,Amd Ryzen™ Embedded 7000,Amd Ryzen™ Embedded V2000,Amd Ryzen™ Embedded V3000,Amd Ryzen™ Embedded 8000",8.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T20:39:03.746Z,0
CVE-2023-31356,https://securityvulnerability.io/vulnerability/CVE-2023-31356,Incomplete Memory Cleanup in SEV Firmware Could Lead to Data Integrity Loss,"Incomplete memory cleanup in AMD's SEV (Secure Encrypted Virtualization) firmware poses a significant risk where a privileged attacker may exploit this flaw to corrupt guest private memory. This vulnerability can lead to potential loss of data integrity, compromising the confidentiality and reliability of virtualized environments.",Amd,"Amd Epyc™ 7003 Processors,Amd Epyc™ 9004 Processors,Amd Epyc™ Embedded 7003,Amd Epyc™ Embedded 9004",4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-13T16:54:23.979Z,0
CVE-2023-20591,https://securityvulnerability.io/vulnerability/CVE-2023-20591,Persistence of Untrusted Platform Configuration Risks Memory Access,"The vulnerability arises from the improper re-initialization of the Input/Output Memory Management Unit (IOMMU) during the Dynamic Root of Trust for Measurement (DRTM) event. This flaw may enable an untrusted platform configuration to persist, which could allow attackers to read or modify hypervisor memory. The repercussions of this vulnerability include potential threats to the confidentiality, integrity, and availability of the affected systems, marking significant concerns for users relying on AMD hypervisor technologies.",Amd,"Amd Epyc™ 7003  Series Processors,Amd Epyc™ 9004 Series Processors,Amd Epyc™ Embedded 7003 Series Processors,Amd Epyc™ Embedded 9003 Series Processors",10,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-08-13T16:53:23.681Z,0
CVE-2023-20578,https://securityvulnerability.io/vulnerability/CVE-2023-20578,Attackers Can Modify Communications Buffer for Arbitrary Code Execution,"A vulnerability exists in the AMD BIOS stemming from a Time-of-Check Time-of-Use (TOCTOU) issue. This flaw can be exploited by attackers who have ring0 privileges and access to critical system components such as the BIOS menu or UEFI shell. By leveraging this vulnerability, an attacker could potentially alter the communications buffer, leading to the execution of arbitrary code. This capability raises significant security concerns as it may allow unauthorized access and control over affected systems.",Amd,"Amd Epyc™ 7001 Processors,Amd Epyc™ 7002 Processors,Amd Epyc™ 7003 Processors,Amd Epyc™ 9004 Processors,Amd Ryzen™ 7000 Series Desktop Processors,Amd Ryzen™ Threadripper™ Pro 5000wx Processors,Amd Ryzen™ 7020 Series Processors With Radeon™ Graphics,Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7035 Series Processors With Radeon™ Graphics,Amd Epyc™ Embedded 3000,Amd Epyc™ Embedded 7002,Amd Epyc™ Embedded 7003,Amd Epyc™ Embedded 9003,Amd Ryzen™ Embedded 7000,Amd Ryzentm Embedded V3000",6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-13T16:52:58.457Z,0
CVE-2023-20518,https://securityvulnerability.io/vulnerability/CVE-2023-20518,Potential Loss of Confidentiality Due to Incomplete BIOS Menu or UEFI Shell Cleanup,"A vulnerability exists in AMD's Advanced Security Platform due to incomplete cleanup processes. This flaw allows a privileged attacker, who has access to the BIOS menu or UEFI shell, to potentially expose the Master Encryption Key (MEK). The risk of memory exfiltration associated with this vulnerability may lead to a significant loss of confidentiality, allowing unauthorized access to sensitive information. Organizations using affected AMD products are urged to review their security measures and apply any available patches to mitigate the risks.",Amd,"Amd Epyc™ 9004 Series Processors,Amd Ryzen™ 3000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics,Amd Ryzen™ 7000 Series Desktop Processors,Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ 4000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ Threadripper™ 3000 Series Processors,Amd Ryzen™ Threadripper™ Pro 3000wx Series Processors,Amd Ryzen™ Threadripper™ Pro 5000wx Processors,Amd Athlon™ 3000 Series Mobile  Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Mobile Processor With Radeon™ Graphics,Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 7020 Series Processors With Radeon™ Graphics,Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7035 Series Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Processors With Radeon™ Graphics,Amd Ryzen™ Embedded R1000 Series Processors,Amd Ryzen™ Embedded R2000 Series Processors,Amd Ryzen™ Embedded 5000 Series Processors,Amd Ryzen™ Embedded 7000 Series Processors,Amd Ryzen™ Embedded V1000 Series Processors,Amd Ryzen™ Embedded V2000 Series Processors,Amd Ryzen™ Embedded V3000 Series Processors",1.9,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-13T16:52:55.976Z,0
CVE-2021-46746,https://securityvulnerability.io/vulnerability/CVE-2021-46746,Potential Security Vulnerability in TEE Could Lead to Denial of Service,"A vulnerability exists in the ASP Secure OS Trusted Execution Environment (TEE) due to inadequate stack protection mechanisms. This flaw could be exploited by a privileged attacker who has access to AMD signing keys to manipulate the return address, leading to a stack-based buffer overrun. Such an attack may result in a denial of service, compromising the security and functionality of the affected systems. Organizations using AMD's TEE should implement necessary mitigations to protect against potential exploitation.",Amd,"Amd Epyc™ 7001 Processors,Amd Epyc™ 7002 Processors,Amd Epyc™ 7003 Processors,Amd Epyc™ 9004 Processors,Amd Ryzen™ 3000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics,Amd Ryzen™ 7000 Series Desktop Processors,Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ 4000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ Threadripper™ 3000 Series Processors,Amd Ryzen™ Threadripper™ Pro 3000wx Series Processors,Amd Ryzen™ Threadripper™ Pro 5000wx Processors,Amd Athlon™ 3000 Series Mobile  Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Mobile Processor With Radeon™ Graphics,Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 7020 Series Processors With Radeon™ Graphics,Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7035 Series Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7045 Series Mobile Processors,Amd Epyc™ Embedded 3000 Series Processors,Amd Epyc™ Embedded 7002 Series Processors,Amd Epyc™ Embedded 7003 Series Processors,Amd Epyc™ Embedded 9003 Series Processors,Amd Ryzen™ Embedded R1000 Series Processors,Amd Ryzen™ Embedded R2000 Series Processors,Amd Ryzen™ Embedded 5000 Series Processors,Amd Ryzen™ Embedded 7000 Series Processors,Amd Ryzen™ Embedded V1000 Series Processors,Amd Ryzen™ Embedded V2000 Series Processors,Amd Ryzen™ Embedded V3000 Series Processors",5.2,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-13T16:50:51.023Z,0
CVE-2021-26387,https://securityvulnerability.io/vulnerability/CVE-2021-26387,Potential Mapping of DRAM Regions in Protected Areas Could Lead to Loss of Platform Integrity,"An access control vulnerability within the ASP kernel of AMD products can be exploited by an attacker with privileged access. This scenario involves the attacker having access to AMD signing keys and the BIOS menu or UEFI shell. By leveraging this access, the attacker could potentially map DRAM regions in protected areas, which may compromise the integrity of the platform. It highlights a significant concern for users relying on AMD technologies who must ensure proper access controls are enforced to mitigate risks.",Amd,"Amd Epyc™ 7001 Series Processors,Amd Epyc™ 7002 Series Processors,Amd Epyc™ 7003 Series Processors,Amd Epyc™ 9004 Series Processors,Amd Ryzen™ 3000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics,Amd Ryzen™ 7000 Series Desktop Processors,Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ 4000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ Threadripper™ 3000 Series Processors,Amd Ryzen™ Threadripper™ Pro 3000wx Series Processors,Amd Ryzen™ Threadripper™ Pro 5000wx Processors,Amd Athlon™ 3000 Series Mobile  Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Mobile Processor With Radeon™ Graphics,Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7035 Series Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Processors With Radeon™ Graphics,Amd Epyc™ Embedded 3000 Series Processors,Amd Epyc™ Embedded 7002 Series Processors,Amd Epyc™ Embedded 7003 Series Processors,Amd Epyc™ Embedded 9003 Series Processors,Amd Ryzen™ Embedded R1000 Series Processors,Amd Ryzen™ Embedded R2000 Series Processors,Amd Ryzen™ Embedded 5000 Series Processors,Amd Ryzen™ Embedded V1000 Series Processors,Amd Ryzen™ Embedded V2000 Series Processors,Amd Ryzen™ Embedded V3000 Series Processors",3.9,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-13T16:50:22.151Z,0