Amd

Ryzen 5 5500 Firmware

26 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2023-20571

  • EPSS 0.39%
  • Published 14.11.2023 19:15:15
  • Last modified 21.11.2024 07:41:09

A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation.

7.8

CVE-2023-20565

  • EPSS 0.13%
  • Published 14.11.2023 19:15:15
  • Last modified 21.11.2024 07:41:07

Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.

7.8

CVE-2023-20563

  • EPSS 0.13%
  • Published 14.11.2023 19:15:15
  • Last modified 21.11.2024 07:41:07

Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.

7.5

CVE-2023-20533

  • EPSS 0.03%
  • Published 14.11.2023 19:15:15
  • Last modified 21.11.2024 07:41:06

Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.

9.8

CVE-2022-23821

  • EPSS 0.34%
  • Published 14.11.2023 19:15:10
  • Last modified 21.11.2024 06:49:18

Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.

9.8

CVE-2022-23820

  • EPSS 0.18%
  • Published 14.11.2023 19:15:10
  • Last modified 21.11.2024 06:49:18

Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.

7.5

CVE-2021-46774

  • EPSS 0.02%
  • Published 14.11.2023 19:15:10
  • Last modified 21.11.2024 06:34:41

Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.

5.5

CVE-2023-20597

  • EPSS 0.08%
  • Published 20.09.2023 18:15:12
  • Last modified 27.06.2025 22:15:25

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.

4.4

CVE-2023-20594

  • EPSS 0.05%
  • Published 20.09.2023 18:15:12
  • Last modified 27.06.2025 22:15:23

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.

6.8

CVE-2023-20589

  • EPSS 0.08%
  • Published 08.08.2023 18:15:11
  • Last modified 21.11.2024 07:41:10

An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.  ...