Ryzen™ 5000 series mobile processors with radeon™ graphics “lucienne”

This hub aggregates every CVE we track for Ryzen™ 5000 series mobile processors with radeon™ graphics “lucienne”, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Ryzen™ 5000 series mobile processors with radeon™ graphics “lucienne”.

• CVE-2022-23821Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution. 9.8Nov 14, 2023
• CVE-2021-46758Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of ava...6.1Nov 14, 2023
• CVE-2023-20594Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.4.4Sep 20, 2023
• CVE-2023-20555Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary ...7.8Aug 8, 2023
• CVE-2023-20593An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.5.5Jul 24, 2023
• CVE-2021-46794Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting i...7.5May 9, 2023
• CVE-2021-46792Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon...5.9May 9, 2023
• CVE-2021-46773Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code execution. 8.8May 9, 2023
• CVE-2021-46765Insufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-bounds memory reads within the ASP, potentially leading to a denial of service. 7.5May 9, 2023
• CVE-2021-46759Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents o...6.1May 9, 2023
• CVE-2021-46756Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the b...9.1May 9, 2023
• CVE-2021-46755Failure to unmap certain SysHub mappings in error paths of the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a...7.5May 9, 2023
• CVE-2021-46754Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the S...9.1May 9, 2023
• CVE-2021-46753Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and over...9.1May 9, 2023
• CVE-2021-46749Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting i...7.5May 9, 2023