Amd Amd Ryzen™ Embedded V2000
16 CVEs affecting Amd Amd Ryzen™ Embedded V2000. Latest disclosed: 2025-02-12. Critical: 0, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-0179 | High | 8.2 | 2025-02-11 | SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM driver could allow locally authenticated attackers to overwrite SMRAM, potentially resulting in ar… |
CVE-2024-21925 | High | 8.2 | 2025-02-11 | Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution. |
CVE-2023-31345 | High | 7.5 | 2025-02-11 | Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution. |
CVE-2023-31343 | High | 7.5 | 2025-02-11 | Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution. |
CVE-2023-31342 | High | 7.5 | 2025-02-11 | Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution. |
CVE-2023-31315 | High | 7.5 | 2024-08-09 | Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled… |
CVE-2023-20515 | Medium | 5.7 | 2025-02-11 | Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integri… |
CVE-2024-21971 | Medium | 5.5 | 2025-02-12 | Improper input validation in AMD Crash Defender could allow an attacker to provide the Windows® system process ID to a kernel-mode driver, resulting in an oper… |
CVE-2023-31331 | Low | 3.0 | 2025-02-11 | Improper access control in the DRTM firmware could allow a privileged attacker to perform multiple driver initializations, resulting in stack memory corruption… |
CVE-2023-20507 | Low | 2.3 | 2025-02-11 | An integer overflow in the ASP could allow a privileged attacker to perform an out-of-bounds write, potentially resulting in loss of data integrity. |
CVE-2023-20579 | | 2024-02-13 | Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulti… | |
CVE-2021-46757 | | 2024-02-13 | Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address spa… | |
CVE-2023-20597 | | 2023-09-20 | Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. | |
CVE-2021-46754 | | 2023-05-09 | Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into e… | |
CVE-2021-26392 | | 2022-11-09 | Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain cod… | |
CVE-2021-26393 | | 2022-11-09 | Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to genera… |