Vulnerabilities > AMD > Ryzen 9 3900X Firmware

DATE CVE VULNERABILITY TITLE RISK
2022-05-12 CVE-2021-26386 Out-of-bounds Write vulnerability in AMD products
A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution.
local
low complexity
amd CWE-787
7.8
2022-05-12 CVE-2021-26351 Improper Input Validation vulnerability in AMD products
Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service.
local
low complexity
amd CWE-20
5.5
2022-05-12 CVE-2021-26366 Unspecified vulnerability in AMD products
An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity.
local
low complexity
amd
7.1
2022-05-12 CVE-2021-26369 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products
A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses.
local
low complexity
amd CWE-119
7.8
2022-05-10 CVE-2021-26352 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products
Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service.
local
low complexity
amd CWE-119
5.5
2022-05-10 CVE-2021-26390 Unspecified vulnerability in AMD products
A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory potentially leading to loss of integrity of data.
local
low complexity
amd
6.2
2022-03-11 CVE-2021-26341 Improper Cross-boundary Removal of Sensitive Data vulnerability in AMD products
Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.
local
low complexity
amd CWE-212
6.5
2022-03-11 CVE-2021-26401 Unspecified vulnerability in AMD products
LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.
local
high complexity
amd
5.6
2021-11-16 CVE-2021-26336 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products
Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components.
local
low complexity
amd CWE-119
5.5
2021-11-16 CVE-2021-26337 Unspecified vulnerability in AMD products
Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests.
local
low complexity
amd
5.5