Skip to main content

Ryzen Threadripper 3960X Firmware

14 CVEs product

Monthly

CVE-2023-20533 HIGH This Week

Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Epyc 7232P Firmware Epyc 7252 Firmware Epyc 7262 Firmware Epyc 7272 Firmware +81
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-20597 MEDIUM This Month

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Ryzen 3 3100 Firmware Ryzen 3 3200G Firmware Ryzen 3 3200Ge Firmware +98
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-20594 MEDIUM This Month

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Epyc 7003 Firmware Epyc 72F3 Firmware Epyc 7313 Firmware +122
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-20589 MEDIUM This Month

An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Ryzen 5 Pro 3400G Firmware Ryzen 5 3400G Firmware Ryzen 5 Pro 3400Ge Firmware Ryzen 5 Pro 3350G Firmware +118
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2023-20593 MEDIUM POC PATCH This Month

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Xen Debian Linux Ryzen 3 3100 Firmware Ryzen 3 3300X Firmware +67
NVD
CVSS 3.1
5.5
EPSS
5.8%
CVE-2023-20559 HIGH This Week

Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ryzen 7 5700G Firmware Ryzen 7 5700Ge Firmware Ryzen 5 5600G Firmware Ryzen 5 5600Ge Firmware +85
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-20558 HIGH This Week

Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ryzen 7 5700G Firmware Ryzen 7 5700Ge Firmware Ryzen 5 5600G Firmware Ryzen 5 5600Ge Firmware +85
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-27672 MEDIUM This Month

When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure. Rated medium severity (CVSS 4.7). No vendor patch available.

Amd Information Disclosure Athlon X4 750 Firmware Athlon X4 760K Firmware Athlon X4 830 Firmware +162
NVD VulDB
CVSS 3.1
4.7
EPSS
0.1%
CVE-2022-23824 MEDIUM PATCH This Month

IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Xen Athlon X4 750 Firmware Athlon X4 760K Firmware Athlon X4 830 Firmware +165
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-23825 MEDIUM This Month

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Amd Information Disclosure Debian Linux Fedora Athlon X4 750 Firmware +123
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-29900 MEDIUM This Month

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Debian Linux Fedora Xen Athlon X4 750 Firmware +122
NVD
CVSS 3.1
6.5
EPSS
3.8%
CVE-2022-23823 MEDIUM This Month

A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Amd Information Disclosure Athlon X4 750 Firmware Athlon X4 760K Firmware Athlon X4 830 Firmware +139
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-26337 MEDIUM This Month

Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Epyc 7003 Firmware Epyc 7002 Firmware Epyc 72F3 Firmware Epyc 7313 Firmware +108
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-26336 MEDIUM This Month

Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Epyc 7003 Firmware Epyc 7002 Firmware Epyc 72F3 Firmware Epyc 7313 Firmware +91
NVD
CVSS 3.1
5.5
EPSS
0.2%
EPSS 0% CVSS 7.5
HIGH This Week

Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Epyc 7232P Firmware Epyc 7252 Firmware +83
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Ryzen 3 3100 Firmware +100
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Epyc 7003 Firmware +124
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Ryzen 5 Pro 3400G Firmware Ryzen 5 3400G Firmware +120
NVD
EPSS 6% CVSS 5.5
MEDIUM POC PATCH This Month

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Xen Debian Linux +69
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ryzen 7 5700G Firmware Ryzen 7 5700Ge Firmware +87
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ryzen 7 5700G Firmware Ryzen 7 5700Ge Firmware +87
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure. Rated medium severity (CVSS 4.7). No vendor patch available.

Amd Information Disclosure Athlon X4 750 Firmware +164
NVD VulDB
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Xen Athlon X4 750 Firmware +167
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Amd Information Disclosure Debian Linux +125
NVD
EPSS 4% CVSS 6.5
MEDIUM This Month

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Debian Linux Fedora +124
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Amd Information Disclosure Athlon X4 750 Firmware +141
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Epyc 7003 Firmware Epyc 7002 Firmware +110
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Epyc 7003 Firmware Epyc 7002 Firmware +93
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy