Amd Ryzen 3 5425C Firmware vulnerabilities

6 known vulnerabilities affecting amd/ryzen_3_5425c_firmware.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2023-20579MEDIUMCVSS 6.0fixed in cezannepi-fp6_1.0.1.02024-02-13
CVE-2023-20579 [MEDIUM] CWE-284 CVE-2023-20579: Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability.
nvd
CVE-2023-20558HIGHCVSS 8.8fixed in cezannepi-fp6_1.0.0.92023-04-02
CVE-2023-20558 [HIGH] CWE-670 CVE-2023-20558: Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.
nvd
CVE-2023-20559HIGHCVSS 8.8fixed in cezannepi-fp6_1.0.0.92023-04-02
CVE-2023-20559 [HIGH] CWE-691 CVE-2023-20559: Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamp Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.
nvd
CVE-2021-26384HIGHCVSS 7.8fixed in cezannepi-fp6_1.0.0.92022-07-14
CVE-2021-26384 [HIGH] CWE-125 CVE-2021-26384: A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources.
nvd
CVE-2021-26382MEDIUMCVSS 4.4fixed in cezannepi-fp6_1.0.0.92022-07-14
CVE-2021-26382 [MEDIUM] CVE-2021-26382: An attacker with root account privileges can load any legitimately signed firmware image into the Au An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP,) irrespective of the respective signing key being declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of service.
nvd
CVE-2021-26339MEDIUMCVSS 5.5fixed in cezannepi-fp6_1.0.0.9a2022-05-11
CVE-2021-26339 [MEDIUM] CVE-2021-26339: A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by compilers.
nvd