2023-05-09
|
CVE-2021-46749
|
Insufficient bounds checking in ASP (AMD Secure
Processor) may allow for an out of bounds read in SMI (System Management
Interface) mailbox checksum calculation triggering a data abort, resulting in a
potential denial of service.
|
Athlon_gold_3150g_firmware, Athlon_gold_3150ge_firmware, Athlon_silver_3050ge_firmware, Ryzen_1200_\(Af\)_firmware, Ryzen_1600_\(Af\)_firmware, Ryzen_2200g_firmware, Ryzen_2200ge_firmware, Ryzen_2300x_firmware, Ryzen_2400g_firmware, Ryzen_2400ge_firmware, Ryzen_2500x_firmware, Ryzen_2600_firmware, Ryzen_2600e_firmware, Ryzen_2600x_firmware, Ryzen_2700_firmware, Ryzen_2700e_firmware, Ryzen_2700x_firmware, Ryzen_2920x_firmware, Ryzen_2950x_firmware, Ryzen_2970wx_firmware, Ryzen_2990wx_firmware, Ryzen_3100_firmware, Ryzen_3300x_firmware, Ryzen_3500_firmware, Ryzen_3500x_firmware, Ryzen_3600_firmware, Ryzen_3600x_firmware, Ryzen_3600xt_firmware, Ryzen_3800x_firmware, Ryzen_3800xt_firmware, Ryzen_3900_firmware, Ryzen_3900x_firmware, Ryzen_3900xt_firmware, Ryzen_3950x_firmware, Ryzen_5300g_firmware, Ryzen_5300ge_firmware, Ryzen_5500_firmware, Ryzen_5600_firmware, Ryzen_5600g_firmware, Ryzen_5600ge_firmware, Ryzen_5600x_firmware, Ryzen_5700g_firmware, Ryzen_5700ge_firmware, Ryzen_5700x_firmware, Ryzen_5800_firmware, Ryzen_5800x3d_firmware, Ryzen_5800x_firmware, Ryzen_5900_firmware, Ryzen_5900x_firmware, Ryzen_5945wx_firmware, Ryzen_5950x_firmware, Ryzen_5955wx_firmware, Ryzen_5965wx_firmware, Ryzen_5975wx_firmware, Ryzen_5995wx_firmware, Ryzen_pro_2100ge_firmware
|
7.5
|
|
|
2023-05-09
|
CVE-2021-46753
|
Failure to validate the length fields of the ASP
(AMD Secure Processor) sensor fusion hub headers may allow an attacker with a
malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite
data structures leading to a potential loss of confidentiality and integrity.
|
Athlon_gold_3150g_firmware, Athlon_gold_3150ge_firmware, Athlon_silver_3050ge_firmware, Ryzen_1200_\(Af\)_firmware, Ryzen_1600_\(Af\)_firmware, Ryzen_2200g_firmware, Ryzen_2200ge_firmware, Ryzen_2300x_firmware, Ryzen_2400g_firmware, Ryzen_2400ge_firmware, Ryzen_2500x_firmware, Ryzen_2600_firmware, Ryzen_2600e_firmware, Ryzen_2600x_firmware, Ryzen_2700_firmware, Ryzen_2700e_firmware, Ryzen_2700x_firmware, Ryzen_2920x_firmware, Ryzen_2950x_firmware, Ryzen_2970wx_firmware, Ryzen_2990wx_firmware, Ryzen_3100_firmware, Ryzen_3300x_firmware, Ryzen_3500_firmware, Ryzen_3500x_firmware, Ryzen_3600_firmware, Ryzen_3600x_firmware, Ryzen_3600xt_firmware, Ryzen_3800x_firmware, Ryzen_3800xt_firmware, Ryzen_3900_firmware, Ryzen_3900x_firmware, Ryzen_3900xt_firmware, Ryzen_3950x_firmware, Ryzen_5300g_firmware, Ryzen_5300ge_firmware, Ryzen_5500_firmware, Ryzen_5600_firmware, Ryzen_5600g_firmware, Ryzen_5600ge_firmware, Ryzen_5600x_firmware, Ryzen_5700g_firmware, Ryzen_5700ge_firmware, Ryzen_5700x_firmware, Ryzen_5800_firmware, Ryzen_5800x3d_firmware, Ryzen_5800x_firmware, Ryzen_5900_firmware, Ryzen_5900x_firmware, Ryzen_5945wx_firmware, Ryzen_5950x_firmware, Ryzen_5955wx_firmware, Ryzen_5965wx_firmware, Ryzen_5975wx_firmware, Ryzen_5995wx_firmware, Ryzen_6600h_firmware, Ryzen_6600hs_firmware, Ryzen_6600u_firmware, Ryzen_6800h_firmware, Ryzen_6800hs_firmware, Ryzen_6800u_firmware, Ryzen_6900hs_firmware, Ryzen_6900hx_firmware, Ryzen_6980hs_firmware, Ryzen_6980hx_firmware, Ryzen_pro_2100ge_firmware
|
9.1
|
|
|
2023-05-09
|
CVE-2021-46754
|
Insufficient input validation in the ASP (AMD
Secure Processor) bootloader may allow an attacker with a compromised Uapp or
ABL to coerce the bootloader into exposing sensitive information to the SMU
(System Management Unit) resulting in a potential loss of confidentiality and
integrity.
|
Athlon_gold_3150g_firmware, Athlon_gold_3150ge_firmware, Athlon_silver_3050ge_firmware, Ryzen_1200_\(Af\)_firmware, Ryzen_1600_\(Af\)_firmware, Ryzen_2200g_firmware, Ryzen_2200ge_firmware, Ryzen_2300x_firmware, Ryzen_2400g_firmware, Ryzen_2400ge_firmware, Ryzen_2500x_firmware, Ryzen_2600_firmware, Ryzen_2600e_firmware, Ryzen_2600x_firmware, Ryzen_2700_firmware, Ryzen_2700e_firmware, Ryzen_2700x_firmware, Ryzen_2920x_firmware, Ryzen_2950x_firmware, Ryzen_2970wx_firmware, Ryzen_2990wx_firmware, Ryzen_3100_firmware, Ryzen_3300x_firmware, Ryzen_3500_firmware, Ryzen_3500x_firmware, Ryzen_3600_firmware, Ryzen_3600x_firmware, Ryzen_3600xt_firmware, Ryzen_3800x_firmware, Ryzen_3800xt_firmware, Ryzen_3900_firmware, Ryzen_3900x_firmware, Ryzen_3900xt_firmware, Ryzen_3950x_firmware, Ryzen_5300g_firmware, Ryzen_5300ge_firmware, Ryzen_5500_firmware, Ryzen_5600_firmware, Ryzen_5600g_firmware, Ryzen_5600ge_firmware, Ryzen_5600x_firmware, Ryzen_5700g_firmware, Ryzen_5700ge_firmware, Ryzen_5700x_firmware, Ryzen_5800_firmware, Ryzen_5800x3d_firmware, Ryzen_5800x_firmware, Ryzen_5900_firmware, Ryzen_5900x_firmware, Ryzen_5945wx_firmware, Ryzen_5950x_firmware, Ryzen_5955wx_firmware, Ryzen_5965wx_firmware, Ryzen_5975wx_firmware, Ryzen_5995wx_firmware, Ryzen_pro_2100ge_firmware
|
9.1
|
|
|
2023-05-09
|
CVE-2021-46759
|
Improper syscall input validation in AMD TEE
(Trusted Execution Environment) may allow an attacker with physical access and
control of a Uapp that runs under the bootloader to reveal the contents of the
ASP (AMD Secure Processor) bootloader accessible memory to a serial port,
resulting in a potential loss of integrity.
|
Athlon_gold_3150g_firmware, Athlon_gold_3150ge_firmware, Athlon_silver_3050ge_firmware, Ryzen_1200_\(Af\)_firmware, Ryzen_1600_\(Af\)_firmware, Ryzen_2200g_firmware, Ryzen_2200ge_firmware, Ryzen_2300x_firmware, Ryzen_2400g_firmware, Ryzen_2400ge_firmware, Ryzen_2500x_firmware, Ryzen_2600_firmware, Ryzen_2600e_firmware, Ryzen_2600x_firmware, Ryzen_2700_firmware, Ryzen_2700e_firmware, Ryzen_2700x_firmware, Ryzen_2920x_firmware, Ryzen_2950x_firmware, Ryzen_2970wx_firmware, Ryzen_2990wx_firmware, Ryzen_3100_firmware, Ryzen_3300x_firmware, Ryzen_3500_firmware, Ryzen_3500x_firmware, Ryzen_3600_firmware, Ryzen_3600x_firmware, Ryzen_3600xt_firmware, Ryzen_3800x_firmware, Ryzen_3800xt_firmware, Ryzen_3900_firmware, Ryzen_3900x_firmware, Ryzen_3900xt_firmware, Ryzen_3950x_firmware, Ryzen_5300g_firmware, Ryzen_5300ge_firmware, Ryzen_5500_firmware, Ryzen_5600_firmware, Ryzen_5600g_firmware, Ryzen_5600ge_firmware, Ryzen_5600x_firmware, Ryzen_5700g_firmware, Ryzen_5700ge_firmware, Ryzen_5700x_firmware, Ryzen_5800_firmware, Ryzen_5800x3d_firmware, Ryzen_5800x_firmware, Ryzen_5900_firmware, Ryzen_5900x_firmware, Ryzen_5945wx_firmware, Ryzen_5950x_firmware, Ryzen_5955wx_firmware, Ryzen_5965wx_firmware, Ryzen_5975wx_firmware, Ryzen_5995wx_firmware, Ryzen_pro_2100ge_firmware
|
6.1
|
|
|
2023-05-09
|
CVE-2021-46773
|
Insufficient input validation in ABL may enable
a privileged attacker to corrupt ASP memory, potentially resulting in a loss of
integrity or code execution.
|
Ryzen_1200_\(Af\)_firmware, Ryzen_1600_\(Af\)_firmware, Ryzen_2200g_firmware, Ryzen_2200ge_firmware, Ryzen_2300x_firmware, Ryzen_2400g_firmware, Ryzen_2400ge_firmware, Ryzen_2500x_firmware, Ryzen_2600_firmware, Ryzen_2600e_firmware, Ryzen_2600x_firmware, Ryzen_2700_firmware, Ryzen_2700e_firmware, Ryzen_2700x_firmware, Ryzen_2920x_firmware, Ryzen_2950x_firmware, Ryzen_2970wx_firmware, Ryzen_2990wx_firmware, Ryzen_3100_firmware, Ryzen_3300x_firmware, Ryzen_3500_firmware, Ryzen_3500x_firmware, Ryzen_3600_firmware, Ryzen_3600x_firmware, Ryzen_3600xt_firmware, Ryzen_3800x_firmware, Ryzen_3800xt_firmware, Ryzen_3900_firmware, Ryzen_3900x_firmware, Ryzen_3900xt_firmware, Ryzen_3950x_firmware, Ryzen_5300g_firmware, Ryzen_5300ge_firmware, Ryzen_5500_firmware, Ryzen_5600_firmware, Ryzen_5600g_firmware, Ryzen_5600ge_firmware, Ryzen_5600x_firmware, Ryzen_5700g_firmware, Ryzen_5700ge_firmware, Ryzen_5700x_firmware, Ryzen_5800_firmware, Ryzen_5800x3d_firmware, Ryzen_5800x_firmware, Ryzen_5900_firmware, Ryzen_5900x_firmware, Ryzen_5945wx_firmware, Ryzen_5950x_firmware, Ryzen_5955wx_firmware, Ryzen_5965wx_firmware, Ryzen_5975wx_firmware, Ryzen_5995wx_firmware, Ryzen_6600h_firmware, Ryzen_6600hs_firmware, Ryzen_6600u_firmware, Ryzen_6800h_firmware, Ryzen_6800hs_firmware, Ryzen_6800u_firmware, Ryzen_6900hs_firmware, Ryzen_6900hx_firmware, Ryzen_6980hs_firmware, Ryzen_6980hx_firmware, Ryzen_pro_2100ge_firmware
|
8.8
|
|
|
2023-05-09
|
CVE-2021-46794
|
Insufficient bounds checking in ASP (AMD Secure
Processor) may allow for an out of bounds read in SMI (System Management
Interface) mailbox checksum calculation triggering a data abort, resulting in a
potential denial of service.
|
Athlon_gold_3150g_firmware, Athlon_gold_3150ge_firmware, Athlon_silver_3050ge_firmware, Ryzen_1200_\(Af\)_firmware, Ryzen_1600_\(Af\)_firmware, Ryzen_2200g_firmware, Ryzen_2200ge_firmware, Ryzen_2300x_firmware, Ryzen_2400g_firmware, Ryzen_2400ge_firmware, Ryzen_2500x_firmware, Ryzen_2600_firmware, Ryzen_2600e_firmware, Ryzen_2600x_firmware, Ryzen_2700_firmware, Ryzen_2700e_firmware, Ryzen_2700x_firmware, Ryzen_2920x_firmware, Ryzen_2950x_firmware, Ryzen_2970wx_firmware, Ryzen_2990wx_firmware, Ryzen_3100_firmware, Ryzen_3300x_firmware, Ryzen_3500_firmware, Ryzen_3500x_firmware, Ryzen_3600_firmware, Ryzen_3600x_firmware, Ryzen_3600xt_firmware, Ryzen_3800x_firmware, Ryzen_3800xt_firmware, Ryzen_3900_firmware, Ryzen_3900x_firmware, Ryzen_3900xt_firmware, Ryzen_3950x_firmware, Ryzen_5300g_firmware, Ryzen_5300ge_firmware, Ryzen_5500_firmware, Ryzen_5600_firmware, Ryzen_5600g_firmware, Ryzen_5600ge_firmware, Ryzen_5600x_firmware, Ryzen_5700g_firmware, Ryzen_5700ge_firmware, Ryzen_5700x_firmware, Ryzen_5800_firmware, Ryzen_5800x3d_firmware, Ryzen_5800x_firmware, Ryzen_5900_firmware, Ryzen_5900x_firmware, Ryzen_5945wx_firmware, Ryzen_5950x_firmware, Ryzen_5955wx_firmware, Ryzen_5965wx_firmware, Ryzen_5975wx_firmware, Ryzen_5995wx_firmware, Ryzen_pro_2100ge_firmware
|
7.5
|
|
|
2023-05-09
|
CVE-2021-46792
|
Time-of-check Time-of-use (TOCTOU) in the
BIOS2PSP command may allow an attacker with a malicious BIOS to create a race
condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon
an S3 resume event potentially leading to a denial of service.
|
Athlon_gold_3150g_firmware, Athlon_gold_3150ge_firmware, Athlon_silver_3050ge_firmware, Ryzen_1200_\(Af\)_firmware, Ryzen_1600_\(Af\)_firmware, Ryzen_2200g_firmware, Ryzen_2200ge_firmware, Ryzen_2300x_firmware, Ryzen_2400g_firmware, Ryzen_2400ge_firmware, Ryzen_2500x_firmware, Ryzen_2600_firmware, Ryzen_2600e_firmware, Ryzen_2600x_firmware, Ryzen_2700_firmware, Ryzen_2700e_firmware, Ryzen_2700x_firmware, Ryzen_2920x_firmware, Ryzen_2950x_firmware, Ryzen_2970wx_firmware, Ryzen_2990wx_firmware, Ryzen_3100_firmware, Ryzen_3300x_firmware, Ryzen_3500_firmware, Ryzen_3500x_firmware, Ryzen_3600_firmware, Ryzen_3600x_firmware, Ryzen_3600xt_firmware, Ryzen_3800x_firmware, Ryzen_3800xt_firmware, Ryzen_3900_firmware, Ryzen_3900x_firmware, Ryzen_3900xt_firmware, Ryzen_3950x_firmware, Ryzen_5300g_firmware, Ryzen_5300ge_firmware, Ryzen_5500_firmware, Ryzen_5600_firmware, Ryzen_5600g_firmware, Ryzen_5600ge_firmware, Ryzen_5600x_firmware, Ryzen_5700g_firmware, Ryzen_5700ge_firmware, Ryzen_5700x_firmware, Ryzen_5800_firmware, Ryzen_5800x3d_firmware, Ryzen_5800x_firmware, Ryzen_5900_firmware, Ryzen_5900x_firmware, Ryzen_5945wx_firmware, Ryzen_5950x_firmware, Ryzen_5955wx_firmware, Ryzen_5965wx_firmware, Ryzen_5975wx_firmware, Ryzen_5995wx_firmware
|
5.9
|
|
|