Amd Amd Ryzen™ Embedded V3000
14 CVEs affecting Amd Amd Ryzen™ Embedded V3000. Latest disclosed: 2025-02-12. Critical: 0, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-0179 | High | 8.2 | 2025-02-11 | SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM driver could allow locally authenticated attackers to overwrite SMRAM, potentially resulting in ar… |
CVE-2024-21925 | High | 8.2 | 2025-02-11 | Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution. |
CVE-2023-31345 | High | 7.5 | 2025-02-11 | Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution. |
CVE-2023-31343 | High | 7.5 | 2025-02-11 | Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution. |
CVE-2023-31342 | High | 7.5 | 2025-02-11 | Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution. |
CVE-2023-31315 | High | 7.5 | 2024-08-09 | Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled… |
CVE-2023-20515 | Medium | 5.7 | 2025-02-11 | Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integri… |
CVE-2024-21971 | Medium | 5.5 | 2025-02-12 | Improper input validation in AMD Crash Defender could allow an attacker to provide the Windows® system process ID to a kernel-mode driver, resulting in an oper… |
CVE-2023-31331 | Low | 3.0 | 2025-02-11 | Improper access control in the DRTM firmware could allow a privileged attacker to perform multiple driver initializations, resulting in stack memory corruption… |
CVE-2023-20507 | Low | 2.3 | 2025-02-11 | An integer overflow in the ASP could allow a privileged attacker to perform an out-of-bounds write, potentially resulting in loss of data integrity. |
CVE-2023-20579 | | 2024-02-13 | Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulti… | |
CVE-2023-20565 | | 2023-11-14 | Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access. | |
CVE-2023-20597 | | 2023-09-20 | Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. | |
CVE-2023-20594 | | 2023-09-20 | Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. |