amd AMD RyzenTM Embedded V3000 vvarious - 6 CVEs

CVE-2023-31315

Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.

HIGH CVSS 6.8 Published Aug 09, 2024

CVE-2022-23829

A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.

HIGH CVSS 8.2 Published Jun 18, 2024

CVE-2023-20579

Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability.

MEDIUM CVSS 4.4 Published Feb 13, 2024

CVE-2023-20565

Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.

UNKNOWN Published Nov 14, 2023

CVE-2023-20563

Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.

UNKNOWN CVSS 7.8 Published Nov 14, 2023

CVE-2022-23821

Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.