Filtered by vendor Amd
Subscribe
Total
284 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26386 | 1 Amd | 140 Ryzen 3 2200u, Ryzen 3 2200u Firmware, Ryzen 3 2300u and 137 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution. | |||||
| CVE-2021-26384 | 1 Amd | 104 Athlon Gold 3150u, Athlon Gold 3150u Firmware, Athlon Silver 3050u and 101 more | 2024-11-21 | N/A | 7.8 HIGH |
| A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources. | |||||
| CVE-2021-26382 | 1 Amd | 70 Ryzen 3 3200u, Ryzen 3 3200u Firmware, Ryzen 3 3250u and 67 more | 2024-11-21 | N/A | 4.4 MEDIUM |
| An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP,) irrespective of the respective signing key being declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of service. | |||||
| CVE-2021-26378 | 1 Amd | 167 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 164 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service. | |||||
| CVE-2021-26376 | 1 Amd | 167 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 164 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service. | |||||
| CVE-2021-26375 | 1 Amd | 167 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 164 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service. | |||||
| CVE-2021-26373 | 1 Amd | 175 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 172 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service. | |||||
| CVE-2021-26372 | 1 Amd | 88 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 85 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service. | |||||
| CVE-2021-26370 | 1 Amd | 98 Epyc 7002, Epyc 7002 Firmware, Epyc 7232p and 95 more | 2024-11-21 | 6.6 MEDIUM | 7.1 HIGH |
| Improper validation of destination address in SVC_LOAD_FW_IMAGE_BY_INSTANCE and SVC_LOAD_BINARY_BY_ATTRIB in a malicious UApp or ABL may allow an attacker to overwrite arbitrary bootloader memory with SPI ROM contents resulting in a loss of integrity and availability. | |||||
| CVE-2021-26369 | 1 Amd | 99 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 96 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses. | |||||
| CVE-2021-26368 | 1 Amd | 140 Ryzen 3 2200u, Ryzen 3 2200u Firmware, Ryzen 3 2300u and 137 more | 2024-11-21 | 4.9 MEDIUM | 4.4 MEDIUM |
| Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in a denial of service. | |||||
| CVE-2021-26366 | 1 Amd | 125 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 122 more | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity. | |||||
| CVE-2021-26364 | 1 Amd | 88 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 85 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential denial of service. | |||||
| CVE-2021-26363 | 1 Amd | 67 Radeon Software, Ryzen 3 3100, Ryzen 3 3100 Firmware and 64 more | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
| A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure. | |||||
| CVE-2021-26362 | 1 Amd | 71 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 68 more | 2024-11-21 | 6.6 MEDIUM | 7.1 HIGH |
| A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call which results in mapping sensitive System Management Network (SMN) registers leading to a loss of integrity and availability. | |||||
| CVE-2021-26361 | 1 Amd | 71 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 68 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A malicious or compromised User Application (UApp) or AGESA Boot Loader (ABL) could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure. | |||||
| CVE-2021-26360 | 1 Amd | 36 Enterprise Driver, Radeon Pro Software, Radeon Pro W6300m and 33 more | 2024-11-21 | N/A | 7.8 HIGH |
| An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP. | |||||
| CVE-2021-26353 | 1 Amd | 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Failure to validate inputs in SMM may allow an attacker to create a mishandled error leaving the DRTM UApp in a partially initialized state potentially resulting in loss of memory integrity. | |||||
| CVE-2021-26352 | 1 Amd | 60 Ryzen 3 5300g, Ryzen 3 5300g Firmware, Ryzen 3 5300ge and 57 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service. | |||||
| CVE-2021-26351 | 1 Amd | 98 Ryzen 3 3100, Ryzen 3 3100 Firmware, Ryzen 3 3300g and 95 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service. | |||||