Amd Ryzen Threadripper Pro 5975Wx Firmware vulnerabilities

8 known vulnerabilities affecting amd/ryzen_threadripper_pro_5975wx_firmware.

Total CVEs
8
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM6

Vulnerabilities

Page 1 of 1
CVE-2023-20569MEDIUMCVSS 4.7fixed in chagallwspi-swrx8_1.0.0.72023-08-08
CVE-2023-20569 [MEDIUM] CWE-203 CVE-2023-20569: A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the retur A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
nvd
CVE-2023-20558HIGHCVSS 8.8fixed in castlepeakwspi-swrx8_1.0.0.92023-04-02
CVE-2023-20558 [HIGH] CWE-670 CVE-2023-20558: Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.
nvd
CVE-2023-20559HIGHCVSS 8.8fixed in castlepeakwspi-swrx8_1.0.0.92023-04-02
CVE-2023-20559 [HIGH] CWE-691 CVE-2023-20559: Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamp Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.
nvd
CVE-2021-26373MEDIUMCVSS 5.5fixed in chagallwspi-swrx8_1.0.0.2fixed in castlepeakwspi-swrx8_1.0.0.92022-05-11
CVE-2021-26373 [MEDIUM] CWE-20 CVE-2021-26373: Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunc Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service.
nvd
CVE-2021-26388MEDIUMCVSS 5.5fixed in chagallwspi-swrx8_1.0.0.2fixed in castlepeakwspi-swrx8_1.0.0.92022-05-11
CVE-2021-26388 [MEDIUM] CWE-125 CVE-2021-26388: Improper validation of the BIOS directory may allow for searches to read beyond the directory table Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service.
nvd
CVE-2021-26378MEDIUMCVSS 5.5fixed in castlepeakwspi-swrx8_1.0.0.92022-05-11
CVE-2021-26378 [MEDIUM] CWE-119 CVE-2021-26378: Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid add Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.
nvd
CVE-2021-26376MEDIUMCVSS 5.5fixed in castlepeakwspi-swrx8_1.0.0.92022-05-11
CVE-2021-26376 [MEDIUM] CVE-2021-26376: Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service.
nvd
CVE-2021-26375MEDIUMCVSS 5.5fixed in castlepeakwspi-swrx8_1.0.0.92022-05-11
CVE-2021-26375 [MEDIUM] CVE-2021-26375: Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in ac Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service.
nvd