Vulnerabilities > AMD > Ryzen Threadripper PRO 3955Wx Firmware > castlepeakpi.sp3r2.1.1.0.8
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-14 | CVE-2021-46766 | Incomplete Cleanup vulnerability in AMD products Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality. | 5.5 |
2023-11-14 | CVE-2022-23820 | Improper Input Validation vulnerability in AMD products Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution. | 9.8 |
2023-11-14 | CVE-2022-23821 | Unspecified vulnerability in AMD products Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution. | 9.8 |