Shodan
Vulnerabilities
Vulnerable Software
Amd:  >> Ryzen Threadripper 3960x Firmware  Security Vulnerabilities
CVE-2023-20533
Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.
CVSS Score
6.1
EPSS Score
0.0
Published
2023-11-14
CVE-2021-46774
Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-11-14
CVE-2022-23820
Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-11-14
CVE-2022-23821
Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-11-14
CVE-2023-20594
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
CVSS Score
4.4
EPSS Score
0.0
Published
2023-09-20
CVE-2023-20597
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-09-20
CVE-2023-20589
An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution. 
CVSS Score
6.8
EPSS Score
0.001
Published
2023-08-08
CVE-2023-20593
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
CVSS Score
5.5
EPSS Score
0.059
Published
2023-07-24
CVE-2021-26354
Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-05-09
CVE-2021-26356
A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure.
CVSS Score
7.4
EPSS Score
0.001
Published
2023-05-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved