BDU:2025-01835

Опубликовано: 11 фев. 2025

Источник: fstec

CVSS3: 8.2

CVSS2: 6.8

EPSS Низкий

Описание

Уязвимость драйвера AmdPspP2CmboxV2 микропрограммного обеспечения процессоров AMD связана с недостаточной проверкой входных данных. Эксплуатация уязвимости может позволить нарушителю выполнить произвольный код

Вендор

Advanced Micro Devices Inc.

Наименование ПО

AMD Ryzen Embedded R1000

AMD Ryzen Embedded R2000

AMD Ryzen Embedded V1000

4th Gen AMD EPYC

2nd Gen AMD EPYC

AMD EPYC Embedded 7002

AMD Ryzen Threadripper PRO 7000 WX-Series Processors

AMD Ryzen Threadripper PRO 3000WX Series Processors

AMD Ryzen 5000 Series Desktop Processors Vermeer AM4

AMD Ryzen 5000 Series Desktop processor with Radeon graphics

AMD Ryzen 7000 Series Processors Raphael

AMD Ryzen 3000 Series Desktop Processors Matisse AM4

AMD Athlon 3000 Series Desktop Processors with Radeon Graphics

AMD Ryzen 4000 Series Desktop processors with Radeon graphics

AMD Ryzen 8000 Series Processor with Radeon Graphics Phoenix

AMD Ryzen Threadripper 3000 Series Processors

AMD Athlon 3000 Series Mobile Processors with Radeon Graphics Dali FP5

AMD Athlon 3000 Series Mobile Processors with Radeon Graphics Pollock

AMD Ryzen 3000 Series Mobile Processors with Radeon Graphics Picasso

AMD Ryzen 4000 Series Mobile Processors with Radeon Graphics Renoir FP6

AMD Ryzen 5000 Series Mobile Processors with Radeon Graphics Lucienne

AMD Ryzen 5000 Series Mobile Processors with Radeon Graphics Cezanne

AMD Ryzen 7020 Series Mobile Processors Mendocino

AMD Ryzen 6000 Series Mobile Processors Rembrandt

AMD Ryzen 7035 Series Mobile Processors with Radeon Graphics

AMD Ryzen 5000 Series Processors with Radeon Graphics Barcelo

AMD Ryzen 7000 Series Processors with Radeon Graphics

AMD Ryzen 7040 Series Mobile Processors with Radeon Graphics

AMD Ryzen 8040 Series Mobile Processors with Radeon Graphics Hawk Point

AMD Ryzen 7000 Series Mobile Processors Dragon Range

AMD Ryzen Embedded 8000

AMD Ryzen Embedded V2000

AMD Ryzen Embedded V3000

1st Gen AMD EPYC

3rd Gen AMD EPYC

AMD Instinct MI300A

AMD Ryzen Threadripper PRO 5000 WX-Series

AMD EPYC Embedded 3000

AMD EPYC Embedded 7003

AMD EPYC Embedded 9003

AMD Ryzen Embedded 5000

AMD Ryzen Embedded 7000

Версия ПО

- (AMD Ryzen Embedded R1000)

- (AMD Ryzen Embedded R2000)

- (AMD Ryzen Embedded V1000)

до GenoaPI 1.0.0.D (4th Gen AMD EPYC)

до Rome PI 1.0.0.K (2nd Gen AMD EPYC)

до EmbRomePI-SP3 1.0.0.D (AMD EPYC Embedded 7002)

до StormPeakPI-SP6 1.0.0.1j (AMD Ryzen Threadripper PRO 7000 WX-Series Processors)

до StormPeakPI-SP6 1.1.0.0h (AMD Ryzen Threadripper PRO 7000 WX-Series Processors)

до ChagallWSPI-sWRX8 1.0.0.9 (AMD Ryzen Threadripper PRO 3000WX Series Processors)

до ComboAM4v2PI 1.2.0.D (AMD Ryzen 5000 Series Desktop Processors Vermeer AM4)

до ComboAM4v2PI 1.2.0.D (AMD Ryzen 5000 Series Desktop processor with Radeon graphics)

до ComboAM5PI 1.2.0.2b (AMD Ryzen 7000 Series Processors Raphael)

до ComboAM5PI 1.1.0.3b (AMD Ryzen 7000 Series Processors Raphael)

до ComboAM5PI 1.0.0.a (AMD Ryzen 7000 Series Processors Raphael)

до ComboAM4PI 1.0.0.C (AMD Ryzen 3000 Series Desktop Processors Matisse AM4)

до ComboAM4v2PI 1.2.0.D (AMD Ryzen 3000 Series Desktop Processors Matisse AM4)

до ComboAM4PI 1.0.0.C (AMD Athlon 3000 Series Desktop Processors with Radeon Graphics)

до ComboAM4v2PI 1.2.0.D (AMD Athlon 3000 Series Desktop Processors with Radeon Graphics)

до ComboAM4v2PI 1.2.0.D (AMD Ryzen 4000 Series Desktop processors with Radeon graphics)

до ComboAM5PI 1.2.0.2b (AMD Ryzen 8000 Series Processor with Radeon Graphics Phoenix)

до ComboAM5PI 1.1.0.3b (AMD Ryzen 8000 Series Processor with Radeon Graphics Phoenix)

до CastlePeakPI-SP3r3 1.0.0.D (AMD Ryzen Threadripper 3000 Series Processors)

до CastlePeakWSPI-sWRX8 1.0.0.F (AMD Ryzen Threadripper PRO 3000WX Series Processors)

до PicassoPI-FP5 1.0.1.2a (AMD Athlon 3000 Series Mobile Processors with Radeon Graphics Dali FP5)

до PollockPI-FT5 1.0.0.8a (AMD Athlon 3000 Series Mobile Processors with Radeon Graphics Pollock)

до PicassoPI-FP5 1.0.1.2a (AMD Ryzen 3000 Series Mobile Processors with Radeon Graphics Picasso)

до RenoirPI-FP6 1.0.0.Ea (AMD Ryzen 4000 Series Mobile Processors with Radeon Graphics Renoir FP6)

до CezannePI-FP6 1.0.1.1a (AMD Ryzen 5000 Series Mobile Processors with Radeon Graphics Lucienne)

до CezannePI-FP6 1.0.1.1a (AMD Ryzen 5000 Series Mobile Processors with Radeon Graphics Cezanne)

до MendocinoPI-FT6 1.0.0.7a (AMD Ryzen 7020 Series Mobile Processors Mendocino)

до RembrandtPI-FP7 1.0.0.Ba (AMD Ryzen 6000 Series Mobile Processors Rembrandt)

до RembrandtPI-FP7 1.0.0.Ba (AMD Ryzen 7035 Series Mobile Processors with Radeon Graphics)

до CezannePI-FP6 1.0.1.1a (AMD Ryzen 5000 Series Processors with Radeon Graphics Barcelo)

до CezannePI-FP6 1.0.1.1a (AMD Ryzen 7000 Series Processors with Radeon Graphics)

до PhoenixPI-FP8-FP7 1.1.8.0 (AMD Ryzen 7040 Series Mobile Processors with Radeon Graphics)

до PhoenixPI-FP8-FP7 1.1.8.0 (AMD Ryzen 8040 Series Mobile Processors with Radeon Graphics Hawk Point)

до DragonRangeFL1PI 1.0.0.3f (AMD Ryzen 7000 Series Mobile Processors Dragon Range)

до EmbeddedPhoenixPI-FP7r2_1.2.0.0 (AMD Ryzen Embedded 8000)

до EmbeddedPI-FP6 1.0.0.B (AMD Ryzen Embedded V2000)

до EmbeddedPI_FP7R2 1.0.0.C (AMD Ryzen Embedded V3000)

до Naples PI 1.0.0.N (1st Gen AMD EPYC)

до Milan PI 1.0.0.E (3rd Gen AMD EPYC)

до MI300PI 1.0.0.5 (AMD Instinct MI300A)

до ChagallWSPI-sWRX8 1.0.0.9 (AMD Ryzen Threadripper PRO 5000 WX-Series)

до SnowyOwlPI 1.1.0.E (AMD EPYC Embedded 3000)

до EmbMilanPI-SP3 1.0.0.A (AMD EPYC Embedded 7003)

до EmbGenoaPI 1.0.0.9 (AMD EPYC Embedded 9003)

до EmbAM4PI 1.0.0.7 (AMD Ryzen Embedded 5000)

до EmbeddedV2KAPI-FP6 1.0.0.7 (AMD Ryzen Embedded 7000)

Тип ПО

Микропрограммный код аппаратных компонент компьютера

Микропрограммный код

ПО программно-аппаратного средства

Операционные системы и аппаратные платформы

Уровень опасности уязвимости

Средний уровень опасности (базовая оценка CVSS 2.0 составляет 6,8)

Высокий уровень опасности (базовая оценка CVSS 3.0 составляет 8,2)

Возможные меры по устранению уязвимости

Использование рекомендаций:

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7027.html

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7027.html

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 11%

0.0004

Низкий

8.2 High

CVSS3

6.8 Medium

CVSS2

Связанные уязвимости

ROS-20250818-04

CVSS3: 8.2

redos

19 дней назад

Множественные уязвимости linux-firmware

CVE-2024-21925

CVSS3: 8.2

redhat

7 месяцев назад

Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution.

CVE-2024-21925

CVSS3: 8.2

nvd

7 месяцев назад

Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution.

GHSA-m78v-p3pw-4h65

CVSS3: 8.2

github

7 месяцев назад

Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution.

EPSS

Процентиль: 11%

0.0004

Низкий

8.2 High

CVSS3

6.8 Medium

CVSS2