Amd Ryzen 3000 Series Desktop Processors vulnerabilities

CVE-2023-31364 [HIGH] CWE-119 CVE-2023-31364: Improper handling of direct memory writes in the input-output memory management unit could allow a m Improper handling of direct memory writes in the input-output memory management unit could allow a malicious guest virtual machine (VM) to flood a host with writes, potentially causing a fatal machine check error resulting in denial of service.

CVE-2024-36349 [LOW] CWE-1420 CVE-2024-36349: A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.

CVE-2024-36348 [LOW] CWE-1420 CVE-2024-36348: A transient execution vulnerability in some AMD processors may allow a user process to infer the con A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, potentially resulting in information leakage.

CVE-2021-26344 [HIGH] CWE-787 CVE-2021-26344: An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BIOS image, and the ability to sign the resulting image, to potentially modify the APCB block resulting in arbitrary code execution.

CVE-2024-21981 [MEDIUM] CWE-639 CVE-2024-21981: Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity.

CVE-2021-46772 [LOW] CWE-125 CVE-2021-46772: Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS men Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in memory corruption or denial of service.

CVE-2023-31315 [HIGH] CWE-94 CVE-2023-31315: Improper validation in a model specific register (MSR) could allow a malicious program with ring0 ac Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.

CVE-2022-23829 [HIGH] CWE-284 CVE-2022-23829: A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kerne A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.