Vulnerabilities > AMD > Ryzen Threadripper 3990X Firmware

DATE CVE VULNERABILITY TITLE RISK
2022-05-11 CVE-2021-26378 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products
Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.
local
low complexity
amd CWE-119
5.5
2022-05-11 CVE-2021-26388 Out-of-bounds Read vulnerability in AMD products
Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service.
local
low complexity
amd CWE-125
5.5
2022-02-04 CVE-2020-12965 Injection vulnerability in AMD products
When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage.
network
low complexity
amd CWE-74
7.5
2021-11-16 CVE-2021-26336 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products
Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components.
local
low complexity
amd CWE-119
5.5
2021-11-16 CVE-2021-26337 Unspecified vulnerability in AMD products
Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests.
local
low complexity
amd
5.5