Vulnerabilities > AMD > Ryzen 3 3300X Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-09 | CVE-2021-26356 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in AMD products A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure. | 7.4 |
| 2023-05-09 | CVE-2021-26371 | Unspecified vulnerability in AMD products A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure. | 5.5 |
| 2023-04-02 | CVE-2023-20558 | Unspecified vulnerability in AMD products Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges. | 8.8 |
| 2023-04-02 | CVE-2023-20559 | Unspecified vulnerability in AMD products Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges. | 8.8 |
| 2023-03-01 | CVE-2022-27672 | Unspecified vulnerability in AMD products When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure. | 4.7 |
| 2023-01-11 | CVE-2021-26346 | Integer Overflow or Wraparound vulnerability in AMD products Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service. | 5.5 |
| 2022-11-09 | CVE-2020-12930 | Unspecified vulnerability in AMD products Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity. | 7.8 |
| 2022-11-09 | CVE-2020-12931 | Unspecified vulnerability in AMD products Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity. | 7.8 |
| 2022-11-09 | CVE-2021-26392 | Out-of-bounds Write vulnerability in AMD products Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA. | 7.8 |
| 2022-11-09 | CVE-2022-23824 | IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. | 5.5 |