Amd Ryzen 7 7735hs Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Amd Ryzen 7 7735hs Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2023-20596 — CVSS 9.8 (critical): Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially…
CVE-2022-23821 — CVSS 9.8 (critical): Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code…
CVE-2023-20571 — CVSS 8.1 (high): A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897…
CVE-2023-20565 — CVSS 7.8 (high): Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local…
CVE-2023-20563 — CVSS 7.8 (high): Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local…
CVE-2022-23820 — CVSS 7.5 (high): Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code…
CVE-2023-20589 — CVSS 6.8 (medium): An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack…
CVE-2023-4969 — CVSS 6.5 (medium): A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called…
CVE-2021-46758 — CVSS 6.1 (medium): Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory…
CVE-2023-20579 — CVSS 6.0 (medium): Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections…
CVE-2023-20569 — CVSS 4.7 (medium): A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in…