Skip to main content

Ryzen Pro Firmware

7 CVEs product

Monthly

CVE-2021-26318 MEDIUM This Month

A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information. Rated medium severity (CVSS 4.7). No vendor patch available.

Amd Information Disclosure Athlon Firmware Athlon Pro Firmware Epyc Firmware +2
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2018-8936 CRITICAL Act Now

The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips allow Platform Security Processor (PSP) privilege escalation. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Amd Ryzen Mobile Firmware Ryzen Pro Firmware Epyc Server Firmware +1
NVD
CVSS 3.0
9.0
EPSS
1.8%
CVE-2018-8935 CRITICAL Act Now

The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Ryzen Pro Firmware Ryzen Firmware
NVD
CVSS 3.0
9.0
EPSS
1.8%
CVE-2018-8934 CRITICAL Act Now

The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Ryzen Pro Firmware Ryzen Firmware
NVD
CVSS 3.0
9.0
EPSS
1.8%
CVE-2018-8932 CRITICAL Act Now

The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Ryzen Pro Firmware Ryzen Firmware
NVD
CVSS 3.0
9.0
EPSS
1.7%
CVE-2018-8931 CRITICAL Act Now

The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Ryzen Mobile Firmware Ryzen Pro Firmware Ryzen Firmware
NVD
CVSS 3.0
9.0
EPSS
1.7%
CVE-2018-8930 CRITICAL Act Now

The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Ryzen Mobile Firmware Ryzen Pro Firmware Epyc Server Firmware +1
NVD
CVSS 3.0
9.0
EPSS
1.8%
EPSS 0% CVSS 4.7
MEDIUM This Month

A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information. Rated medium severity (CVSS 4.7). No vendor patch available.

Amd Information Disclosure Athlon Firmware +4
NVD
EPSS 2% CVSS 9.0
CRITICAL Act Now

The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips allow Platform Security Processor (PSP) privilege escalation. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Amd Ryzen Mobile Firmware +3
NVD
EPSS 2% CVSS 9.0
CRITICAL Act Now

The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Ryzen Pro Firmware +1
NVD
EPSS 2% CVSS 9.0
CRITICAL Act Now

The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Ryzen Pro Firmware +1
NVD
EPSS 2% CVSS 9.0
CRITICAL Act Now

The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Ryzen Pro Firmware +1
NVD
EPSS 2% CVSS 9.0
CRITICAL Act Now

The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Ryzen Mobile Firmware +2
NVD
EPSS 2% CVSS 9.0
CRITICAL Act Now

The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Ryzen Mobile Firmware +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy