Amd Athlon 3000 Series Desktop Processors With Radeon Graphics
Monthly
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message,. Rated medium severity (CVSS 5.6). No vendor patch available.
DDR5 memory modules in multiple AMD Ryzen processor families contain an insecure default PMIC (Power Management Integrated Circuit) interface configuration that allows local users with standard privileges to cause permanent denial of service or corrupt memory module integrity via unprotected firmware access. The vulnerability affects Ryzen 4000, 7000, 7020, 7030, 7035, 7040, 7045 series processors and Threadripper Pro 3000 WX-series, requiring local system access but no special privileges or user interaction. No public exploit code or active exploitation has been confirmed at time of analysis.
A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity. Rated low severity (CVSS 1.8). No vendor patch available.
A compromised Trusted OS (TOS) driver could issue a malformed call that could potentially allow memory access outside the intended range resulting in loss of integrity. Rated low severity (CVSS 1.8). No vendor patch available.
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message,. Rated medium severity (CVSS 5.6). No vendor patch available.
DDR5 memory modules in multiple AMD Ryzen processor families contain an insecure default PMIC (Power Management Integrated Circuit) interface configuration that allows local users with standard privileges to cause permanent denial of service or corrupt memory module integrity via unprotected firmware access. The vulnerability affects Ryzen 4000, 7000, 7020, 7030, 7035, 7040, 7045 series processors and Threadripper Pro 3000 WX-series, requiring local system access but no special privileges or user interaction. No public exploit code or active exploitation has been confirmed at time of analysis.
A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity. Rated low severity (CVSS 1.8). No vendor patch available.
A compromised Trusted OS (TOS) driver could issue a malformed call that could potentially allow memory access outside the intended range resulting in loss of integrity. Rated low severity (CVSS 1.8). No vendor patch available.