Amd Ryzen 7 3700U Firmware vulnerabilities

8 known vulnerabilities affecting amd/ryzen_7_3700u_firmware.

Total CVEs
8
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH2MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2022-23815HIGHCVSS 8.2fixed in picassopi-fp5_1.0.0.e2024-08-13
CVE-2022-23815 [HIGH] CWE-787 CVE-2022-23815: Improper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, c Improper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, corrupting the APCB entry, potentially leading to arbitrary code execution.
nvd
CVE-2021-26367MEDIUMCVSS 6.0fixed in picassopi-fp5_1.0.0.e2024-08-13
CVE-2021-26367 [MEDIUM] CVE-2021-26367: A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability.
nvd
CVE-2023-20579MEDIUMCVSS 6.0fixed in cezannepi-fp6_1.0.1.02024-02-13
CVE-2023-20579 [MEDIUM] CWE-284 CVE-2023-20579: Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability.
nvd
CVE-2022-23820CRITICALCVSS 9.8vpicassopi-fp5_1.0.0.e2023-11-14
CVE-2022-23820 [HIGH] CWE-20 CVE-2022-23820: Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM pote Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.
nvd
CVE-2022-23821CRITICALCVSS 9.8vpicassopi-fp5_1.0.0.e2023-11-14
CVE-2022-23821 [CRITICAL] CVE-2022-23821: Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM po Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.
nvd
CVE-2023-20521MEDIUMCVSS 5.7fixed in picassopi-fp5_1.0.0.e2023-11-14
CVE-2023-20521 [LOW] CWE-367 CVE-2023-20521: TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM recor TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
nvd
CVE-2023-20555HIGHCVSS 7.8fixed in picassopi-fp5_1.0.0.f2023-08-08
CVE-2023-20555 [HIGH] CWE-787 CVE-2023-20555: Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM.
nvd
CVE-2021-26382MEDIUMCVSS 4.4fixed in renoirpi-fp6_1.0.0.72022-07-14
CVE-2021-26382 [MEDIUM] CVE-2021-26382: An attacker with root account privileges can load any legitimately signed firmware image into the Au An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP,) irrespective of the respective signing key being declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of service.
nvd