Latest amd ryzen 3 3350u firmware Vulnerabilities

CVE-2022-23821
Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.
Amd Ryzen 9 3900 Firmware=comboam4_pi_1.0.0.9
Amd Ryzen 9 3900 Firmware=comboam4_v2_pi_1.2.0.8
Amd Ryzen 9 3900
Amd Ryzen 9 3900x Firmware=comboam4_pi_1.0.0.9
Amd Ryzen 9 3900x Firmware=comboam4_v2_pi_1.2.0.8
Amd Ryzen 9 3900x
and 230 more
CVE-2023-20521
TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of ...
Amd Epyc 7001 Firmware<naplespi_1.0.0.h
Amd Epyc 7001
Amd Epyc 7251 Firmware<naplespi_1.0.0.h
Amd Epyc 7251
Amd Epyc 7261 Firmware<naplespi_1.0.0.h
Amd Epyc 7261
and 180 more
CVE-2022-23820
Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.
Amd Ryzen 9 3900 Firmware=comboam4_pi_1.0.0.9
Amd Ryzen 9 3900 Firmware=comboam4_v2_pi_1.2.0.8
Amd Ryzen 9 3900
Amd Ryzen 9 3900x Firmware=comboam4_pi_1.0.0.9
Amd Ryzen 9 3900x Firmware=comboam4_v2_pi_1.2.0.8
Amd Ryzen 9 3900x
and 224 more
CVE-2023-20597
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
Amd Ryzen 3 3100 Firmware=comboam4pi_1.0.0.9
Amd Ryzen 3 3100 Firmware=comboam4v2pi_1.2.0.8
Amd Ryzen 3 3100
Amd Ryzen 3 3200g Firmware=comboam4pi_1.0.0.9
Amd Ryzen 3 3200g Firmware=comboam4v2pi_1.2.0.8
Amd Ryzen 3 3200g
and 277 more
CVE-2023-20594
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
Amd Epyc 7003 Firmware=milanpi_1.0.0.a
Amd Epyc 7003
Amd Epyc 72f3 Firmware=milanpi_1.0.0.a
Amd Epyc 72f3
Amd Epyc 7313 Firmware=milanpi_1.0.0.a
Amd Epyc 7313
and 332 more
CVE-2023-20555
Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary cod...
Amd Ryzen 3 3300 Firmware<comboam4_pi_v1_1.0.0.a
Amd Ryzen 3 3300
Amd Ryzen 3 3300x Firmware<comboam4_pi_v1_1.0.0.a
Amd Ryzen 3 3300x
Amd Ryzen 5 3600 Firmware<comboam4_pi_v1_1.0.0.a
Amd Ryzen 5 3600
and 245 more
CVE-2021-26371
A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure. ...
Amd Epyc 7773x Firmware<milanpi_1.0.0.6
Amd Epyc 7773x
Amd Epyc 7763 Firmware<milanpi_1.0.0.6
Amd Epyc 7763
Amd Epyc 7713p Firmware<milanpi_1.0.0.6
Amd Epyc 7713p
and 250 more
CVE-2021-26354
Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss...
Amd Epyc 7773x Firmware<milanpi_1.0.0.6
Amd Epyc 7773x
Amd Epyc 7763 Firmware<milanpi_1.0.0.6
Amd Epyc 7763
Amd Epyc 7713p Firmware<milanpi_1.0.0.6
Amd Epyc 7713p
and 298 more
CVE-2023-20558
Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.
Amd Ryzen 7 5700g Firmware<comboam4_v2_pi_1.2.0.6c
Amd Ryzen 7 5700g
Amd Ryzen 7 5700ge Firmware<comboam4_v2_pi_1.2.0.6c
Amd Ryzen 7 5700ge
Amd Ryzen 5 5600g Firmware<comboam4_v2_pi_1.2.0.6c
Amd Ryzen 5 5600g
and 172 more
CVE-2023-20559
Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.
Amd Ryzen 7 5700g Firmware<comboam4_v2_pi_1.2.0.6c
Amd Ryzen 7 5700g
Amd Ryzen 7 5700ge Firmware<comboam4_v2_pi_1.2.0.6c
Amd Ryzen 7 5700ge
Amd Ryzen 5 5600g Firmware<comboam4_v2_pi_1.2.0.6c
Amd Ryzen 5 5600g
and 172 more
CVE-2021-26346
Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential ...
Amd Ryzen 3 3100 Firmware
Amd Ryzen 3 3100
Amd Ryzen 3 3200g Firmware
Amd Ryzen 3 3200g
Amd Ryzen 3 3200u Firmware
Amd Ryzen 3 3200u
and 202 more
CVE-2021-26392
Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a...
Amd Enterprise Driver<22.10.20
Amd Radeon Pro Software<22.q2
AMD Radeon Software<22.5.2
Amd Radeon Pro W5500
Amd Radeon Pro W5500x
Amd Radeon Pro W5700
and 498 more
CVE-2021-26393
Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially pois...
Amd Enterprise Driver<22.10.20
Amd Radeon Pro Software<22.q2
AMD Radeon Software<22.5.2
Amd Radeon Pro W5500
Amd Radeon Pro W5500x
Amd Radeon Pro W5700
and 354 more
CVE-2020-12930
Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.
Amd Enterprise Driver<22.10.20
Amd Radeon Pro Software<22.q2
AMD Radeon Software<22.5.2
Amd Radeon Pro W5500
Amd Radeon Pro W5500x
Amd Radeon Pro W5700
and 432 more
CVE-2020-12931
Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.
Amd Enterprise Driver<22.10.20
Amd Radeon Pro Software<22.q2
AMD Radeon Software<22.5.2
Amd Radeon Pro W5500
Amd Radeon Pro W5500x
Amd Radeon Pro W5700
and 424 more
CVE-2021-46778
Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By m...
Amd Athlon 3050ge Firmware
Amd Athlon 3050ge
Amd Athlon 3150g Firmware
Amd Athlon 3150g
Amd Athlon 3150ge Firmware
Amd Athlon 3150ge
and 352 more
CVE-2021-26384
A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when ...
Amd Ryzen 7 5700g Firmware<comboam4_v2_pi_1.2.0.6c
Amd Ryzen 7 5700g
Amd Ryzen 7 5700ge Firmware<comboam4_v2_pi_1.2.0.6c
Amd Ryzen 7 5700ge
Amd Ryzen 5 5600g Firmware<comboam4_v2_pi_1.2.0.6c
Amd Ryzen 5 5600g
and 98 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203