CPE Details
Advanced Micro Devices (AMD) Ryzen 9 5900hx Firmware CezannePI-FP6 1.0.0.6
cezannepi-fp6_1.0.0.6
2024-12-13
17h36 +00:00
17h36 +00:00
2024-12-13
17h36 +00:00
17h36 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:o:amd:ryzen_9_5900hx_firmware:cezannepi-fp6_1.0.0.6:*:*:*:*:*:*:*
Informations
Vendor
amdProduct
ryzen_9_5900hx_firmwareVersion
cezannepi-fp6_1.0.0.6Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability. | 6 |
Medium |
||
| Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution. | 9.8 |
Critical |
||
| A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation. | 8.1 |
High |
||
| Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access. | 7.8 |
High |
||
| Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access. | 7.8 |
High |
||
| Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity. | 6.1 |
Medium |
||
| Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM. | 7.8 |
High |
||
| A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. | 4.7 |
Medium |
||
| Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity. | 5.5 |
Medium |
||
| Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges. | 8.8 |
High |
||
| Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges. | 8.8 |
High |
||
| A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources. | 7.8 |
High |
||
| An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP,) irrespective of the respective signing key being declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of service. | 4.4 |
Medium |
||
| Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service. | 5.5 |
Medium |
||
| A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by compilers. | 5.5 |
Medium |
2025©
tesweb SA
