Vulnerabilities > AMD > Ryzen 9 5950X Firmware

DATE CVE VULNERABILITY TITLE RISK
2023-05-09 CVE-2021-26371 Unspecified vulnerability in AMD products
A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure.
local
low complexity
amd
5.5
2023-01-11 CVE-2021-26316 Improper Input Validation vulnerability in AMD products
Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution.
local
low complexity
amd CWE-20
7.8
2023-01-11 CVE-2021-26346 Integer Overflow or Wraparound vulnerability in AMD products
Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.
local
low complexity
amd CWE-190
5.5
2022-11-09 CVE-2020-12930 Unspecified vulnerability in AMD products
Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.
local
low complexity
amd
7.8
2022-11-09 CVE-2020-12931 Unspecified vulnerability in AMD products
Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.
local
low complexity
amd
7.8
2022-11-09 CVE-2021-26392 Out-of-bounds Write vulnerability in AMD products
Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.
local
low complexity
amd CWE-787
7.8
2022-08-10 CVE-2021-46778 Information Exposure Through Discrepancy vulnerability in AMD products
Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT).
local
high complexity
amd CWE-203
5.6
2022-05-11 CVE-2021-26373 Improper Input Validation vulnerability in AMD products
Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service.
local
low complexity
amd CWE-20
5.5
2022-05-11 CVE-2021-26375 Unspecified vulnerability in AMD products
Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service.
local
low complexity
amd
5.5
2022-05-11 CVE-2021-26376 Unspecified vulnerability in AMD products
Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service.
local
low complexity
amd
5.5