cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-20521,https://securityvulnerability.io/vulnerability/CVE-2023-20521,TOCTOU Vulnerability in ASP Bootloader of AMD Products,"A time-of-check to time-of-use (TOCTOU) vulnerability exists within the ASP Bootloader utilized in certain AMD products. This security flaw allows an attacker with physical access to exploit the race condition during memory content verification. By tampering with SPI ROM records after the integrity check, the attacker could compromise confidentiality or potentially initiate a denial of service, undermining the reliability of the affected devices.",Amd,"Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics “picasso” Am4,Ryzen™ Threadripper™ 2000 Series Processors “colfax”,Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics “dali”/”dali” Fp5,Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics   “pollock”,Ryzen™ 3000 Series Mobile Processor With Radeon™ Graphics “picasso” Fp5,1st Gen Amd Epyc™ Processors,2nd Gen Amd Epyc™ Processors,3rd Gen Amd Epyc™ Processors,Amd Epyc™ Embedded 3000,Amd Epyc™ Embedded 7002,Amd Epyc™ Embedded 7003,Amd Ryzen™ Embedded R1000,Amd Ryzen™ Embedded R2000,Amd Ryzen™ Embedded V1000",3.3,LOW,0.0005600000149570405,false,,false,false,false,,,false,false,,2023-11-14T19:15:00.000Z,0
CVE-2023-20526,https://securityvulnerability.io/vulnerability/CVE-2023-20526,Insufficient Input Validation in ASP Bootloader from AMD,"The ASP Bootloader by AMD is susceptible to a vulnerability that stems from insufficient input validation, allowing a privileged attacker with physical access to potentially access and expose sensitive ASP memory contents. This could result in a significant loss of confidentiality, making it crucial for users to prioritize security measures to mitigate the risk associated with this flaw.",Amd,"Amd Ryzen™ Threadripper™ 2000 Series Processors “colfax”,1st Gen Amd Epyc™ Processors,2nd Gen Amd Epyc™ Processors,3rd Gen Amd Epyc™ Processors,Amd Epyc™  Embedded 3000,Amd Epyc™  Embedded 7002,Amd Epyc™  Embedded 7003",4.6,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2023-11-14T19:15:00.000Z,0
CVE-2022-23821,https://securityvulnerability.io/vulnerability/CVE-2022-23821,Improper Access Control Vulnerability in AMD System Management Mode,"This vulnerability involves improper access control within System Management Mode (SMM), which may permit an attacker to write to the Serial Peripheral Interface (SPI) ROM. Exploitation of this vulnerability could potentially lead to arbitrary code execution, posing significant security risks to affected systems. It is crucial for users and administrators of AMD platforms to be aware of this issue and implement necessary security measures to safeguard their environments.",Amd,"Ryzen™ 3000 Series Desktop Processors “matisse”,Ryzen™ 5000 Series Desktop Processors “vermeer”,Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics  “cezanne”,Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics “picasso” Am4,Ryzen™ Threadripper™ 2000 Series Processors “colfax”,Ryzen™ Threadripper™ 3000 Series Processors “castle Peak” Hedt,Ryzen™ Threadripper™ Pro Processors “castle Peak” Ws Sp3,Ryzen™ Threadripper™ Pro 3000wx Series Processors  “chagall” Ws,Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics “dali”/”dali” Fp5,Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics   “pollock”,Ryzen™ 3000 Series Mobile Processor With Radeon™ Graphics “picasso” Fp5,Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics “renoir” Fp6,Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics “lucienne”,Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics “cezanne”,Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics ""rembrandt"",Amd Ryzen™ 7035 Series Processors With Radeon™ Graphics “rembrandt-r”,Amd Ryzen™ 5000 Series Processors With Radeon™ Graphics  “barcelo”,Amd Ryzen™ 7030 Series Mobile Processors With Radeon™ Graphics “barcelo-r”,Amd Ryzen™  Embedded R1000,Amd Ryzen™  Embedded R2000,Amd Ryzen™  Embedded 5000,Amd Ryzen™  Embedded V1000,Amd Ryzen™  Embedded V2000,Amd Ryzen™  Embedded V3000",9.8,CRITICAL,0.0028200000524520874,false,,false,false,false,,,false,false,,2023-11-14T18:54:32.952Z,0
CVE-2022-23820,https://securityvulnerability.io/vulnerability/CVE-2022-23820,Buffer Validation Flaw in AMD Products,"A buffer validation flaw in AMD's SMM communication buffer poses a security risk by allowing potential attackers to corrupt the SMRAM. This vulnerability enables the possibility of executing arbitrary code, which can lead to unauthorized access and manipulation of the system. To mitigate this risk, users are advised to apply the latest security patches from AMD.",Amd,"Ryzen™ 3000 Series Desktop Processors “matisse"",Amd Ryzen™ 5000 Series Desktop Processors “vermeer”,Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics  “cezanne”,Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics “picasso” Am4,Amd Ryzen™ Threadripper™ 2000 Series Processors “colfax”,Amd Ryzen™ Threadripper™ 3000 Series Processors “castle Peak” Hedt,Amd Ryzen™ Threadripper™ Pro Processors “castle Peak” Ws Sp3,Amd Ryzen™ Threadripper™ Pro 3000wx Series Processors  “chagall” Ws,Amd Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics   “pollock”,Amd Ryzen™ 3000 Series Mobile Processor With Radeon™ Graphics “picasso” Fp5,Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics “renoir” Fp6,Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics “lucienne”,Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics “cezanne”,Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics ""rembrandt"",Amd Ryzen™ 7035 Series Processors With Radeon™ Graphics “rembrandt-r”,Amd Ryzen™ 5000 Series Processors With Radeon™ Graphics  “barcelo”,Amd Ryzen™ 7030 Series Mobile Processors With Radeon™ Graphics “barcelo-r”,3rd Gen Amd Epyc™ Processors,Amd Epyc™ Embedded 7003",7.5,HIGH,0.002240000059828162,false,,false,false,false,,,false,false,,2023-11-14T18:52:21.457Z,0
CVE-2023-20569,https://securityvulnerability.io/vulnerability/CVE-2023-20569,Side Channel Vulnerability Affecting AMD Processors,"A side channel vulnerability has been identified in certain AMD CPUs, enabling attackers to manipulate the return address prediction. This flaw can result in speculative execution at addresses controlled by the attacker, which may lead to unauthorized information disclosure. It highlights the critical need for robust defensive measures to mitigate potential risks associated with speculative execution on affected processors.",Amd,"Ryzen™ 3000 Series Desktop Processors,Ryzen™ Pro 3000 Series Desktop Processors,Ryzen™ 3000 Series Desktop Processors With Radeon™ Graphics,Ryzen™ Pro 3000 Series Processors With Radeon™ Vega Graphics,Athlon™ 3000 Series Processors With Radeon™ Graphics,Athlon™ Pro 3000 Series Processors With Radeon™ Vega Graphics,Ryzen™ 4000 Series Desktop Processors With Radeon™ Graphics,Ryzen™ Pro 4000 Series Desktop Processors,Ryzen™ 5000 Series Desktop Processors,Ryzen™ 5000 Series Desktop Processors With Radeon™ Graphics,Ryzen™ Pro 5000 Series Desktop Processors,Ryzen™ Threadripper™ 2000 Series Processors,Ryzen™ Threadripper™ 5000 Series Processors,Ryzen™ Threadripper™ 3000 Series Processors,Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics,Ryzen™ 5000 Series Processors With Radeon™ Graphics,Ryzen™ Pro 5000 Series Processors,Ryzen™ 6000 Series Processors With Radeon™ Graphics,Ryzen™ Pro 6000 Series Processors,Ryzen™ 7040 Series Processors With Radeon™ Graphics,Ryzen™ 7000 Series Processors,Ryzen™ 7000 Series Processors With Radeon™ Graphics,1st Gen Amd Epyc™ Processors,2nd Gen Amd Epyc™ Processors,3rd Gen Amd Epyc™  Processors,4th Gen Amd Epyc™  Processors",4.7,MEDIUM,0.000699999975040555,false,,false,false,false,,,false,false,,2023-08-08T18:15:00.000Z,0
CVE-2023-20589,https://securityvulnerability.io/vulnerability/CVE-2023-20589,"fTPM Voltage Fault Injection ","
An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution. 


",Amd,"Ryzen™ 3000 Series Desktop Processors,Ryzen™ Pro 3000 Series Desktop Processors,Ryzen™ 3000 Series Desktop Processors With Radeon™ Graphics,Ryzen™ Pro 3000 Series Processors With Radeon™ Vega Graphics,Athlon™ 3000 Series Processors With Radeon™ Graphics,Athlon™ Pro 3000 Series Processors With Radeon™ Vega Graphics,Ryzen™ 4000 Series Desktop Processors With Radeon™ Graphics,Ryzen™ Pro 4000 Series Desktop Processors,Ryzen™ 5000 Series Desktop Processors,Ryzen™ 5000 Series Desktop Processors With Radeon™ Graphics,Ryzen™ Pro 5000 Series Desktop Processors,Ryzen™ Threadripper™ 2000 Series Processors,Ryzen™ Threadripper™ 5000 Series Processors,Ryzen™ Threadripper™ 3000 Series Processors,Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics,Ryzen™ 5000 Series Processors With Radeon™ Graphics,Ryzen™ Pro 5000 Series Processors,Ryzen™ 6000 Series Processors With Radeon™ Graphics,Ryzen™ Pro 6000 Series Processors,Ryzen™ 7020 Series Processors With Radeon™ Graphics,Ryzen™ 7030 Series Processors With Radeon™ Graphics,Ryzen™ Pro 7030 Series Processors,Ryzen™ 7035 Series Processors With Radeon™ Graphics",6.8,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-08-08T18:15:00.000Z,0
CVE-2021-46794,https://securityvulnerability.io/vulnerability/CVE-2021-46794,Insufficient Bounds Checking in AMD Secure Processor,"Insufficient bounds checking in the AMD Secure Processor may lead to an out of bounds read during the checksum calculation for the System Management Interface mailbox. This flaw can trigger a data abort, potentially resulting in service disruptions and an inability to access critical system functionality. Organizations utilizing affected AMD products should assess their systems and apply any available mitigations to safeguard against this vulnerability.",Amd,"Ryzen™ 2000 Series Desktop Processors “raven Ridge” Am4,Ryzen™ 3000 Series Desktop Processors “matisse” Am4,Amd Ryzen™ 5000 Series Desktop Processors “vermeer” Am4,Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics  “cezanne” Am4,3rd Gen Amd Ryzen™ Threadripper™ Processors “castle Peak” Hedt,Ryzen™ Threadripper™ Pro Processors “castle Peak” Ws,Ryzen™ Threadripper™ Pro Processors “chagall” Ws,Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics “dali”/”dali” Ulp,Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics   “pollock”,Ryzen™ 2000 Series Mobile Processors “raven Ridge” Fp5,Ryzen™ 3000 Series Mobile Processor, 2nd Gen Amd Ryzen™ Mobile Processors With Radeon™ Graphics “picasso”,Ryzen™ 3000 Series Mobile Processors With Radeon™ Graphics “renoir”,Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics “lucienne”,Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics “cezanne”",7.5,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-05-09T19:01:47.728Z,0
CVE-2021-46792,https://securityvulnerability.io/vulnerability/CVE-2021-46792,TOCTOU Vulnerability in BIOS2PSP Command Affecting AMD Products,"The BIOS2PSP command in certain AMD products contains a time-of-check time-of-use (TOCTOU) vulnerability. This issue arises when an attacker with administrative access exploits a malicious BIOS, creating a race condition that triggers out-of-bounds SRAM reads by the ASP bootloader during an S3 resume event. Such behavior may lead to instability or unexpected failures in device operations, resulting in a denial of service. Users are advised to follow vendor security advisories to mitigate potential risks.",Amd,"Ryzen™ 2000 Series Desktop Processors “raven Ridge” Am4,Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics  “cezanne” Am4,Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics “dali”/”dali” Ulp,Ryzen™ 2000 Series Mobile Processors “raven Ridge” Fp5,Ryzen™ 3000 Series Mobile Processor, 2nd Gen Amd Ryzen™ Mobile Processors With Radeon™ Graphics “picasso”,Ryzen™ 3000 Series Mobile Processors With Radeon™ Graphics “renoir”,Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics “lucienne”,Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics “cezanne”",5.9,MEDIUM,0.0008999999845400453,false,,false,false,false,,,false,false,,2023-05-09T19:01:38.204Z,0
CVE-2021-46773,https://securityvulnerability.io/vulnerability/CVE-2021-46773,Insufficient Input Validation in ABL Affects AMD Products,"The vulnerability in AMD's ABL arises from insufficient input validation, which allows a privileged attacker to manipulate ASP memory. This manipulation could lead to critical issues such as data corruption or unauthorized code execution, posing significant risks to system integrity and security. Users and administrators are urged to apply available patches and mitigations to ensure the protection of their systems.",Amd,"Ryzen™ 2000 Series Desktop Processors “raven Ridge” Am4,Ryzen™ 2000 Series Desktop Processors “pinnacle Ridge”,Ryzen™ 3000 Series Desktop Processors “matisse” Am4,Amd Ryzen™ 5000 Series Desktop Processors “vermeer” Am4,Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics  “cezanne” Am4,3rd Gen Amd Ryzen™ Threadripper™ Processors “castle Peak” Hedt,Ryzen™ Threadripper™ Pro Processors “castle Peak” Ws,Ryzen™ Threadripper™ Pro Processors “chagall” Ws,Ryzen™ 2000 Series Mobile Processors “raven Ridge” Fp5,Ryzen™ 3000 Series Mobile Processors With Radeon™ Graphics “renoir”,Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics “lucienne”,Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics “cezanne”",8.8,HIGH,0.001019999966956675,false,,false,false,false,,,false,false,,2023-05-09T19:01:27.589Z,0
CVE-2021-46759,https://securityvulnerability.io/vulnerability/CVE-2021-46759,Improper Input Validation in AMD Trusted Execution Environment,"The vulnerability involves improper validation of syscall inputs in the AMD Trusted Execution Environment. This flaw could allow an attacker, possessing physical access, to exploit a User Application that operates beneath the bootloader. By doing so, the attacker could potentially expose sensitive information from the AMD Secure Processor's bootloader memory to an external serial port, posing a risk to the system's integrity.",Amd,"Ryzen™ 2000 Series Desktop Processors “raven Ridge” Am4,Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics  “cezanne” Am4,Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics “dali”/”dali” Ulp,Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics   “pollock”,Ryzen™ 2000 Series Mobile Processors “raven Ridge” Fp5,Ryzen™ 3000 Series Mobile Processor, 2nd Gen Amd Ryzen™ Mobile Processors With Radeon™ Graphics “picasso”,Ryzen™ 3000 Series Mobile Processors With Radeon™ Graphics “renoir”,Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics “lucienne”,Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics “cezanne”",6.1,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2023-05-09T19:00:53.047Z,0
CVE-2021-46756,https://securityvulnerability.io/vulnerability/CVE-2021-46756,Input Validation Flaw in AMD Secure Processor Bootloader,"The AMD Secure Processor bootloader exhibits an insufficient validation of user inputs in the SVC_MAP_USER_STACK. This flaw permits an attacker utilizing a compromised user application (Uapp) or a malicious ABL to issue malformed system calls to the bootloader, potentially leading to a denial of service and compromising the integrity of the system.",Amd,"Ryzen™ 2000 Series Desktop Processors “raven Ridge” Am4,Ryzen™ 2000 Series Desktop Processors “pinnacle Ridge”,Ryzen™ 3000 Series Desktop Processors “matisse” Am4,Amd Ryzen™ 5000 Series Desktop Processors “vermeer” Am4,Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics  “cezanne” Am4,2nd Gen Amd Ryzen™ Threadripper™ Processors “colfax”,3rd Gen Amd Ryzen™ Threadripper™ Processors “castle Peak” Hedt,Ryzen™ Threadripper™ Pro Processors “castle Peak” Ws,Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics “dali”/”dali” Ulp,Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics   “pollock”,Ryzen™ 2000 Series Mobile Processors “raven Ridge” Fp5,Ryzen™ 3000 Series Mobile Processor, 2nd Gen Amd Ryzen™ Mobile Processors With Radeon™ Graphics “picasso”,Ryzen™ 3000 Series Mobile Processors With Radeon™ Graphics “renoir”,Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics “lucienne”,Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics “cezanne”,1st Gen Amd Epyc™ Processors,2nd Gen Amd Epyc™ Processors,3rd Gen Amd Epyc™ Processors",9.1,CRITICAL,0.001019999966956675,false,,false,false,false,,,false,false,,2023-05-09T19:00:35.599Z,0
CVE-2021-46754,https://securityvulnerability.io/vulnerability/CVE-2021-46754,Insufficient Input Validation in AMD Secure Processor Bootloader,"Insufficient input validation in the AMD Secure Processor bootloader may allow unauthorized access to sensitive information. An attacker with control over a compromised Uapp or ABL could exploit this vulnerability to manipulate the bootloader's operations, potentially leading to a breach of confidentiality and integrity by exposing critical data to the System Management Unit (SMU). Addressing this flaw is essential to safeguard sensitive information and maintain system security.",Amd,"Ryzen™ 2000 Series Desktop Processors “raven Ridge” Am4,Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics  “cezanne” Am4,Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics “dali”/”dali” Ulp,Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics   “pollock”,Ryzen™ 2000 Series Mobile Processors “raven Ridge” Fp5,Ryzen™ 3000 Series Mobile Processor, 2nd Gen Amd Ryzen™ Mobile Processors With Radeon™ Graphics “picasso”,Ryzen™ 3000 Series Mobile Processors With Radeon™ Graphics “renoir”,Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics “lucienne”,Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics “cezanne”,Amd Ryzen™ Embedded R1000,Amd Ryzen™ Embedded R2000,Amd Ryzen™ Embedded V1000,Amd Ryzen™ Embedded V2000",9.1,CRITICAL,0.0017800000496208668,false,,false,false,false,,,false,false,,2023-05-09T19:00:16.712Z,0
CVE-2021-46753,https://securityvulnerability.io/vulnerability/CVE-2021-46753,ASP Sensor Fusion Hub Vulnerability in AMD Products,"A vulnerability exists in the ASP Sensor Fusion Hub due to insufficient validation of length fields within sensor fusion hub headers. This flaw enables an attacker, leveraging a malicious user application (Uapp) or application binary loader (ABL), to map the ASP sensor fusion hub region and potentially overwrite its data structures. As a consequence, this may lead to a loss of data integrity and confidentiality.",Amd,"Ryzen™ 2000 Series Desktop Processors “raven Ridge” Am4,Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics  “cezanne” Am4,Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics “dali”/”dali” Ulp,Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics   “pollock”,Ryzen™ 2000 Series Mobile Processors “raven Ridge” Fp5,Ryzen™ 3000 Series Mobile Processor, 2nd Gen Amd Ryzen™ Mobile Processors With Radeon™ Graphics “picasso”,Ryzen™ 3000 Series Mobile Processors With Radeon™ Graphics “renoir”,Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics “lucienne”,Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics “cezanne”,Ryzen™ 6000 Series Mobile Processors  ""rembrandt""",9.1,CRITICAL,0.0011899999808520079,false,,false,false,false,,,false,false,,2023-05-09T19:00:04.895Z,0
CVE-2021-46749,https://securityvulnerability.io/vulnerability/CVE-2021-46749,Insufficient Bounds Checking in AMD Secure Processor Affects System Management Interface,"Insufficient bounds checking in the AMD Secure Processor can lead to an out-of-bounds read during the System Management Interface mailbox checksum calculation. This vulnerability could potentially trigger data aborts, leading to interruptions in service availability. For more information, refer to the vendor advisory at AMD's official site.",Amd,"Ryzen™ 2000 Series Desktop Processors “pinnacle Ridge”,Ryzen™ 3000 Series Desktop Processors “matisse” Am4,Amd Ryzen™ 5000 Series Desktop Processors “vermeer” Am4,Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics  “cezanne” Am4,3rd Gen Amd Ryzen™ Threadripper™ Processors “castle Peak” Hedt,Ryzen™ Threadripper™ Pro Processors “castle Peak” Ws,Ryzen™ Threadripper™ Pro Processors “chagall” Ws,Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics “dali”/”dali” Ulp,Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics   “pollock”,Ryzen™ 2000 Series Mobile Processors “raven Ridge” Fp5,Ryzen™ 3000 Series Mobile Processor, 2nd Gen Amd Ryzen™ Mobile Processors With Radeon™ Graphics “picasso”,Ryzen™ 3000 Series Mobile Processors With Radeon™ Graphics “renoir”,Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics “lucienne”,Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics “cezanne”",7.5,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-05-09T18:59:39.837Z,0
CVE-2021-26406,https://securityvulnerability.io/vulnerability/CVE-2021-26406,Insufficient Validation in AMD Secure Encrypted Virtualization Products,"This vulnerability arises from insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in AMD Secure Encrypted Virtualization (SEV) systems. It poses a risk of host crashes that may lead to denial-of-service conditions, affecting the stability and reliability of applications relying on these technologies. Ensuring proper validation of these certificates is essential to mitigate potential disruptions and safeguard system integrity.",Amd,"Ryzen™ 2000 Series Desktop Processors “raven Ridge” Am4,Ryzen™ 2000 Series Desktop Processors “pinnacle Ridge”,Ryzen™ 3000 Series Desktop Processors “matisse” Am4,Amd Ryzen™ 5000 Series Desktop Processors “vermeer” Am4,2nd Gen Amd Ryzen™ Threadripper™ Processors “colfax”,3rd Gen Amd Ryzen™ Threadripper™ Processors “castle Peak” Hedt,Ryzen™ Threadripper™ Pro Processors “castle Peak” Ws,Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics “dali”/”dali” Ulp,Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics   “pollock”,Ryzen™ 2000 Series Mobile Processors “raven Ridge” Fp5,Ryzen™ 3000 Series Mobile Processor, 2nd Gen Amd Ryzen™ Mobile Processors With Radeon™ Graphics “picasso”,1st Gen Amd Epyc™ Processors,2nd Gen Amd Epyc™ Processors",7.5,HIGH,0.0009699999936856329,false,,false,false,false,,,false,false,,2023-05-09T18:59:29.119Z,0
CVE-2021-26371,https://securityvulnerability.io/vulnerability/CVE-2021-26371,Information Disclosure in AMD Bootloader due to Malicious Applications,"A vulnerability exists in the AMD bootloader, where a compromised or malicious ABL (Application Boot Loader) or UApp (User Application) can exploit the system by sending a SHA256 system call to the bootloader. This improper handling may expose sensitive ASP (Application State Protocol) memory to userspace, potentially allowing unauthorized users to access confidential information stored within the system.",Amd,"Ryzen™ 2000 Series Desktop Processors “raven Ridge” Am4,Ryzen™ 3000 Series Desktop Processors “matisse” Am4,Amd Ryzen™ 5000 Series Desktop Processors “vermeer” Am4,3rd Gen Amd Ryzen™ Threadripper™ Processors “castle Peak” Hedt,Ryzen™ Threadripper™ Pro Processors “castle Peak” Ws,Ryzen™ Threadripper™ Pro Processors “chagall” Ws,Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics “dali”/”dali” Ulp,Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics   “pollock”,Ryzen™ 2000 Series Mobile Processors “raven Ridge” Fp5,Ryzen™ 3000 Series Mobile Processor, 2nd Gen Amd Ryzen™ Mobile Processors With Radeon™ Graphics “picasso”,1st Gen Amd Epyc™ Processors,2nd Gen Amd Epyc™ Processors,3rd Gen Amd Epyc™ Processors",5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-05-09T18:59:16.122Z,0
CVE-2021-26365,https://securityvulnerability.io/vulnerability/CVE-2021-26365,Out of Bounds Read Vulnerability in AMD Firmware,"An issue exists in certain AMD firmware where improper handling of size values in binary headers may allow for out of bounds read vulnerabilities during the signature validation process. This flaw can lead to denial of service attacks, and potentially, unauthorized access to sensitive information from out-of-bounds memory, heightening the risk to affected systems and user data.",Amd,"Ryzen™ 2000 Series Desktop Processors “raven Ridge” Am4,Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics  “cezanne” Am4,Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics “dali”/”dali” Ulp,Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics   “pollock”,Ryzen™ 2000 Series Mobile Processors “raven Ridge” Fp5,Ryzen™ 3000 Series Mobile Processor, 2nd Gen Amd Ryzen™ Mobile Processors With Radeon™ Graphics “picasso”,Ryzen™ 3000 Series Mobile Processors With Radeon™ Graphics “renoir”,Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics “lucienne”,Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics “cezanne”,Ryzen™ 6000 Series Mobile Processors  ""rembrandt""",8.2,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-05-09T18:58:57.236Z,0
CVE-2021-26354,https://securityvulnerability.io/vulnerability/CVE-2021-26354,Insufficient Bounds Checking in AMD ASP Products,"A vulnerability exists in AMD's ASP due to insufficient bounds checking. This flaw may allow an attacker to execute system calls from a compromised ABL, leading to the potential initialization of arbitrary memory values to zero. Such actions could ultimately result in significant integrity issues within affected systems, highlighting the need for immediate security updates to mitigate potential exploits.",Amd,"Ryzen™ 2000 Series Desktop Processors “raven Ridge” Am4,Ryzen™ 2000 Series Desktop Processors “pinnacle Ridge”,Ryzen™ 3000 Series Desktop Processors “matisse” Am4,Amd Ryzen™ 5000 Series Desktop Processors “vermeer” Am4,Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics  “cezanne” Am4,2nd Gen Amd Ryzen™ Threadripper™ Processors “colfax”,3rd Gen Amd Ryzen™ Threadripper™ Processors “castle Peak” Hedt,Ryzen™ Threadripper™ Pro Processors “castle Peak” Ws,Ryzen™ Threadripper™ Pro Processors “chagall” Ws,Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics “dali”/”dali” Ulp,Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics   “pollock”,Ryzen™ 2000 Series Mobile Processors “raven Ridge” Fp5,Ryzen™ 3000 Series Mobile Processor, 2nd Gen Amd Ryzen™ Mobile Processors With Radeon™ Graphics “picasso”,Ryzen™ 3000 Series Mobile Processors With Radeon™ Graphics “renoir”,Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics “lucienne”,Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics “cezanne”,2nd Gen Amd Epyc™ Processors,3rd Gen Amd Epyc™ Processors",5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-05-09T18:58:37.664Z,0
CVE-2023-20559,https://securityvulnerability.io/vulnerability/CVE-2023-20559,Insufficient Control Flow Management in AMD Product,"A vulnerability in the AmdCpmGpioInitSmm component allows a privileged attacker to manipulate the System Management Mode (SMM) handler. This could potentially lead to unauthorized privilege escalation, exposing the system to further attacks and compromises.",AMD,"Ryzen™ 2000 Series ,Ryzen™ 3000 Series,Ryzen™ 4000 Series,Ryzen™ 5000 Series,2nd Gen AMD Ryzen™ Threadripper™ Processor,3rd Gen AMD Ryzen™ Threadripper™ Processors, Ryzen™ Threadripper™ PRO Processor",8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2023-04-02T21:15:00.000Z,0
CVE-2023-20558,https://securityvulnerability.io/vulnerability/CVE-2023-20558,Privilege Escalation Vulnerability in AMD SMM Handler,"The vulnerability arises from insufficient control flow management within the AmdCpmOemSmm module, which may enable a malicious actor with elevated privileges to manipulate the System Management Mode (SMM) handler. This situation poses a serious risk as it could lead to unauthorized escalation of privileges, potentially impacting the integrity and confidentiality of the affected systems.",Amd,"Ryzen™ 2000 Series,Ryzen™ 3000 Series,Ryzen™ 4000 Series,Ryzen™ 5000 Series,2nd Gen Amd Ryzen™ Threadripper™ Processor,3rd Gen Amd Ryzen™ Threadripper™ Processors,Ryzen™ Threadripper™ Pro Processor",8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2023-04-02T21:15:00.000Z,0
CVE-2022-27672,https://securityvulnerability.io/vulnerability/CVE-2022-27672,Information Disclosure Vulnerability in AMD Processors with SMT Enabled,"This vulnerability allows certain AMD processors, when Simultaneous Multithreading (SMT) is enabled, to potentially disclose sensitive information. During a mode switch in SMT, instructions may be speculatively executed using a target from a sibling thread. This behavior poses a risk of information leakage, making it critical for users to implement the appropriate mitigations and stay informed about updates from AMD.",Amd,"1st Gen Amd Epyc™ Processors,2nd Gen Amd Epyc™ Processors,Athlon™ X4 Processor,Ryzen™ Threadripper™ Pro Processor,2nd Gen Amd Ryzen™ Threadripper™ Processors,3rd Gen Amd Ryzen™ Threadripper™ Processors,7th Generation Amd A-series Apus,Ryzen™ 2000 Series Processors,Ryzen™ 3000 Series Processors,Ryzen™ 4000 Series Processors,Ryzen™ 5000 Series Processors,Athlon™ Mobile Processors",4.7,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-03-01T08:15:00.000Z,0
CVE-2021-26316,https://securityvulnerability.io/vulnerability/CVE-2021-26316,Buffer Validation Flaw in AMD BIOS Enables Potential Code Execution,"A vulnerability exists in the BIOS of AMD products due to improper validation of the communication buffer and service. This oversight could allow attackers to exploit the buffer, potentially leading to arbitrary code execution in the System Management Mode (SMM). This type of vulnerability poses significant risks as it operates at a high privilege level within the BIOS, enabling unauthorized access and control over the system.",Amd,"Ryzen 5000 Series,Ryzen 2000 Series,Ryzen 3000 Series,1st Gen Epyc,2nd Gen Epyc,3rd Gen Epyc",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-01-11T08:15:00.000Z,0
CVE-2021-39298,https://securityvulnerability.io/vulnerability/CVE-2021-39298,Arbitrary Code Execution Vulnerability in AMD Firmware Products,"A security flaw has been identified in the interrupt handler of AMD's System Management Mode (SMM). This vulnerability could enable an attacker with elevated privileges to obtain access to the SMM, creating opportunities for arbitrary code execution. Such exploitation may allow malicious actors to circumvent security features embedded within the UEFI firmware, posing significant risks to the integrity and confidentiality of the system.",Amd,"2nd Gen Epyc,3rd Gen Epyc,Ryzen 2000 Series,Ryzen 3000 Series,Ryzen 5000 Series",8.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-02-16T16:38:10.726Z,0