Description: Researchers from IOActive have reported that it may be possible for an attacker with ring 0 access to modify the configuration of System Management Mode (SMM) even when SMM Lock is enabled.
AMD-SB-7014
CVE-2023-31315
AMD-SB-7014
2024-08-13
Client Vulnerabilities – Aug 2024, Aug 13, 2024
Description: Potential vulnerabilities in AMD Secure Processor (ASP), and other platform components were reported. Mitigations are being provided in Platform Initialization (PI) firmware packages.
AMD-SB-4004
CVE-2023-20518
CVE-2021-46772
CVE-2021-26387
CVE-2021-46746
CVE-2024-21981
CVE-2021-26367
CVE-2022-23817
CVE-2021-26344
CVE-2023-20578
CVE-2022-23815
AMD-SB-4004
2024-08-13
AMD Server Vulnerabilities – August 2024, Aug 13, 2024
Description: Potential vulnerabilities in the AMD Secure Processor (ASP), AMD Secure Encrypted Virtualization (SEV), AMD Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP) and other platform components were discovered, and mitigations have been provided in AMD EPYC™ Platform Initialization (PI) firmware packages.
AMD-SB-3003
CVE-2023-31356
CVE-2023-20584
CVE-2023-20591
AMD-SB-3003
CVE-2023-20518
CVE-2021-46772
CVE-2021-26387
CVE-2021-46746
CVE-2024-21981
CVE-2021-26344
CVE-2023-20578
2024-08-05
Guest Memory Vulnerabilities, Aug 05, 2024
Description: A researcher has reported to AMD three potential vulnerabilities in Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP). The reports detail ways that a malicious hypervisor controlled by the host system, could read or corrupt the memory of a guest VM.
AMD-SB-3011
CVE-2023-31355
CVE-2024-21980
CVE-2024-21978
AMD-SB-3011
2024-06-13
AMD Processor Vulnerabilities, June 13, 2024
Description: Researchers disclosed multiple potential vulnerabilities that may impact some AMD processors.
AMD has assessed the researchers’ findings and is publishing CVEs and mitigation recommendations for any issues that were found to impact AMD platforms. AMD believes some of the findings were made on PCs running outdated firmware or software. As always, AMD recommends following security best practices, including keeping operating systems up-to-date and running the latest versions of firmware and software.nds following security best practices, including keeping operating systems up-to-date and running the latest versions of firmware and software.
Description: Potential weaknesses in AMD’s SPI protection features may allow an attacker to bypass the native System Management Mode (SMM) ROM protections.
AMD-SB-1041
CVE-2022-23829
AMD-SB-1041
2024-04-30
Return Address Security Bulletins, April 30, 2024
Description: AMD has received an external report titled ‘INCEPTION’, describing a new speculative side channel attack. The attack can result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. This attack is similar to previous branch prediction-based attacks like Spectrev2 and Branch Type Confusion (BTC)/RetBleed. As with similar attacks, speculation is constrained within the current address space and to exploit, an attacker must have knowledge of the address space and control of sufficient registers at the time of RET (return from procedure) speculation. Hence, AMD believes this vulnerability is only potentially exploitable locally, such as via downloaded malware, and recommends customers employ security best practices, including running up-to-date software and malware detection tools.
AMD is not aware of any exploit of ‘Inception’ outside the research environment at this time.
AMD-SB-7005
CVE-2023-20569
AMD-SB-7005
2024-04-30
Cross-Process Information Leak, April 30, 2024
Description: Under specific microarchitectural circumstances, a register in “Zen 2” CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register, which may allow an attacker to potentially access sensitive information.
This website uses essential and analytics cookies. You can choose your option by clicking "Accept All Cookies" or "Accept Essential Cookies" as Cookies Preferences.