Skip to main content

Ryzen 5 5500U Firmware

7 CVEs product

Monthly

CVE-2023-20597 MEDIUM This Month

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Ryzen 3 3100 Firmware Ryzen 3 3200G Firmware Ryzen 3 3200Ge Firmware +98
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-20594 MEDIUM This Month

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Epyc 7003 Firmware Epyc 72F3 Firmware Epyc 7313 Firmware +122
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-20589 MEDIUM This Month

An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Ryzen 5 Pro 3400G Firmware Ryzen 5 3400G Firmware Ryzen 5 Pro 3400Ge Firmware Ryzen 5 Pro 3350G Firmware +118
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2023-20569 MEDIUM POC This Month

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Amd Information Disclosure Fedora Debian Linux Ryzen 9 5950X Firmware +152
NVD
CVSS 3.1
4.7
EPSS
6.2%
CVE-2023-20555 HIGH This Week

Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Ryzen 3 3300 Firmware Ryzen 3 3300X Firmware +117
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-20593 MEDIUM POC PATCH This Month

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Xen Debian Linux Ryzen 3 3100 Firmware Ryzen 3 3300X Firmware +67
NVD
CVSS 3.1
5.5
EPSS
5.8%
CVE-2022-27672 MEDIUM This Month

When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure. Rated medium severity (CVSS 4.7). No vendor patch available.

Amd Information Disclosure Athlon X4 750 Firmware Athlon X4 760K Firmware Athlon X4 830 Firmware +162
NVD VulDB
CVSS 3.1
4.7
EPSS
0.1%
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Ryzen 3 3100 Firmware +100
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Epyc 7003 Firmware +124
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Ryzen 5 Pro 3400G Firmware Ryzen 5 3400G Firmware +120
NVD
EPSS 6% CVSS 4.7
MEDIUM POC This Month

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Amd Information Disclosure Fedora +154
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +119
NVD
EPSS 6% CVSS 5.5
MEDIUM POC PATCH This Month

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Xen Debian Linux +69
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure. Rated medium severity (CVSS 4.7). No vendor patch available.

Amd Information Disclosure Athlon X4 750 Firmware +164
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy