Vulnerabilities > AMD > Ryzen 9 5900X Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-09 | CVE-2021-26371 | Unspecified vulnerability in AMD products A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure. | 5.5 |
| 2023-01-11 | CVE-2021-26316 | Improper Input Validation vulnerability in AMD products Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution. | 7.8 |
| 2023-01-11 | CVE-2021-26346 | Integer Overflow or Wraparound vulnerability in AMD products Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service. | 5.5 |
| 2022-11-09 | CVE-2020-12930 | Unspecified vulnerability in AMD products Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity. | 7.8 |
| 2022-11-09 | CVE-2020-12931 | Unspecified vulnerability in AMD products Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity. | 7.8 |
| 2022-11-09 | CVE-2021-26392 | Out-of-bounds Write vulnerability in AMD products Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA. | 7.8 |
| 2022-05-11 | CVE-2021-26373 | Improper Input Validation vulnerability in AMD products Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service. | 5.5 |
| 2022-05-11 | CVE-2021-26375 | Unspecified vulnerability in AMD products Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service. | 4.9 |
| 2022-05-11 | CVE-2021-26376 | Unspecified vulnerability in AMD products Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service. | 5.5 |
| 2022-05-11 | CVE-2021-26378 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service. | 4.9 |