threat
engine
.sh
Back
·
··:··
Home
/
Product
/
amd ryzen 5 5600ge firmware
Product
amd ryzen 5 5600ge firmware
29 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2021-26367
< comboam4v2_pi_1.2.0.5
A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary a
5.7
MEDIUM
CVE-2023-20579
< comboam4v2pi_1.2.0.c
Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass pr
6.0
MEDIUM
CVE-2023-4969
all versions
A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory regio
6.5
MEDIUM
CVE-2023-20596
< comboam4v2_1.2.0.b
Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentia
9.8
CRITICAL
CVE-2023-20571
< comboam4v2_1.2.0.b
A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-88
8.1
HIGH
CVE-2023-20565
< comboam4v2_1.2.0.b
Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege
7.8
HIGH
CVE-2023-20563
< comboam4v2_1.2.0.b
Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege
7.8
HIGH
CVE-2021-46758
< comboam4v2_pi_1.2.0.8
Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in
6.1
MEDIUM
CVE-2023-20597
all versions
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
5.5
MEDIUM
CVE-2023-20594
all versions
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
4.4
MEDIUM
CVE-2023-20589
all versions
An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection a
6.8
MEDIUM
CVE-2023-20569
< comboam4v2pi_1.2.0.b
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may re
4.7
MEDIUM
CVE-2023-20555
< comboam4v2_pi_1.2.0.a
Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit
7.8
HIGH
CVE-2021-26365
< cezannepi-fp6_1.0.0.8
Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of
8.2
HIGH
CVE-2021-26354
all versions
Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary
5.5
MEDIUM
CVE-2023-20559
< comboam4_v2_pi_1.2.0.6c
Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potential
8.8
HIGH
CVE-2023-20558
< comboam4_v2_pi_1.2.0.6c
Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially le
8.8
HIGH
CVE-2021-26346
all versions
Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer ove
5.5
MEDIUM
CVE-2021-26316
all versions
Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer
7.8
HIGH
CVE-2021-26393
all versions
Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attac
5.5
MEDIUM
CVE-2021-26392
all versions
Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacke
7.8
HIGH
CVE-2021-26391
all versions
Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privil
7.8
HIGH
CVE-2020-12931
all versions
Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges
7.8
HIGH
CVE-2020-12930
all versions
Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges pot
7.8
HIGH
CVE-2021-46778
all versions
Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen
5.6
MEDIUM
CVE-2021-26384
< comboam4_v2_pi_1.2.0.6c
A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structu
7.8
HIGH
CVE-2021-26382
< comboam4_v2_pi_1.2.0.6c
An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP,) irresp
4.4
MEDIUM
CVE-2021-26390
all versions
A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory potentially leading to loss of i
6.2
MEDIUM
CVE-2021-26352
all versions
Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address
5.5
MEDIUM
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin