Total
33 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26384 | 1 Amd | 104 Athlon Gold 3150u, Athlon Gold 3150u Firmware, Athlon Silver 3050u and 101 more | 2023-08-08 | N/A | 7.8 HIGH |
| A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources. | |||||
| CVE-2021-26351 | 1 Amd | 98 Ryzen 3 3100, Ryzen 3 3100 Firmware, Ryzen 3 3300g and 95 more | 2023-08-08 | 4.9 MEDIUM | 5.5 MEDIUM |
| Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service. | |||||
| CVE-2021-26386 | 1 Amd | 140 Ryzen 3 2200u, Ryzen 3 2200u Firmware, Ryzen 3 2300u and 137 more | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution. | |||||
| CVE-2021-26354 | 1 Amd | 304 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 301 more | 2023-05-25 | N/A | 5.5 MEDIUM |
| Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity. | |||||
| CVE-2021-26346 | 1 Amd | 208 Ryzen 3 3100, Ryzen 3 3100 Firmware, Ryzen 3 3200g and 205 more | 2023-01-24 | N/A | 5.5 MEDIUM |
| Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service. | |||||
| CVE-2021-26336 | 1 Amd | 190 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 187 more | 2022-10-07 | 4.9 MEDIUM | 5.5 MEDIUM |
| Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components. | |||||
| CVE-2021-46778 | 1 Amd | 358 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 355 more | 2022-08-19 | N/A | 5.6 MEDIUM |
| Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information. | |||||
| CVE-2021-26382 | 1 Amd | 70 Ryzen 3 3200u, Ryzen 3 3200u Firmware, Ryzen 3 3250u and 67 more | 2022-07-29 | N/A | 4.4 MEDIUM |
| An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP,) irrespective of the respective signing key being declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of service. | |||||
| CVE-2022-23823 | 1 Amd | 284 A10-9600p, A10-9600p Firmware, A10-9630p and 281 more | 2022-06-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure. | |||||
| CVE-2021-26362 | 1 Amd | 71 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 68 more | 2022-06-08 | 6.6 MEDIUM | 7.1 HIGH |
| A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call which results in mapping sensitive System Management Network (SMN) registers leading to a loss of integrity and availability. | |||||
| CVE-2021-26369 | 1 Amd | 99 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 96 more | 2022-06-01 | 4.6 MEDIUM | 7.8 HIGH |
| A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses. | |||||
| CVE-2021-26368 | 1 Amd | 140 Ryzen 3 2200u, Ryzen 3 2200u Firmware, Ryzen 3 2300u and 137 more | 2022-06-01 | 4.9 MEDIUM | 4.4 MEDIUM |
| Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in a denial of service. | |||||
| CVE-2021-26339 | 1 Amd | 168 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 165 more | 2022-05-23 | 4.9 MEDIUM | 5.5 MEDIUM |
| A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by compilers. | |||||