Vulnerabilities > AMD > Ryzen Threadripper PRO 3995Wx Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-09 | CVE-2021-26356 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in AMD products A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure. | 7.4 |
| 2023-05-09 | CVE-2021-26371 | Unspecified vulnerability in AMD products A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure. | 5.5 |
| 2023-04-02 | CVE-2023-20558 | Unspecified vulnerability in AMD products Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges. | 8.8 |
| 2023-04-02 | CVE-2023-20559 | Unspecified vulnerability in AMD products Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges. | 8.8 |
| 2023-01-11 | CVE-2021-26316 | Improper Input Validation vulnerability in AMD products Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution. | 7.8 |
| 2022-11-09 | CVE-2020-12930 | Unspecified vulnerability in AMD products Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity. | 7.8 |
| 2022-11-09 | CVE-2020-12931 | Unspecified vulnerability in AMD products Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity. | 7.8 |
| 2022-11-09 | CVE-2021-26392 | Out-of-bounds Write vulnerability in AMD products Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA. | 7.8 |
| 2022-11-09 | CVE-2022-23824 | IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. | 5.5 |
| 2022-08-10 | CVE-2021-46778 | Information Exposure Through Discrepancy vulnerability in AMD products Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). | 5.6 |