Amd Ryzen 7000 Series Desktop Processors vulnerabilities

CVE-2023-31364 [HIGH] CWE-119 CVE-2023-31364: Improper handling of direct memory writes in the input-output memory management unit could allow a m Improper handling of direct memory writes in the input-output memory management unit could allow a malicious guest virtual machine (VM) to flood a host with writes, potentially causing a fatal machine check error resulting in denial of service.

CVE-2024-36349 [LOW] CWE-1420 CVE-2024-36349: A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.

CVE-2024-36348 [LOW] CWE-1420 CVE-2024-36348: A transient execution vulnerability in some AMD processors may allow a user process to infer the con A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, potentially resulting in information leakage.

CVE-2021-46746 [MEDIUM] CWE-120 CVE-2021-46746: Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing keys to c006Frrupt the return address, causing a stack-based buffer overrun, potentially leading to a denial of service.

CVE-2023-31315 [HIGH] CWE-94 CVE-2023-31315: Improper validation in a model specific register (MSR) could allow a malicious program with ring0 ac Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.

CVE-2022-23829 [HIGH] CWE-284 CVE-2022-23829: A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kerne A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.