70 matches found
CVE-2021-46766
Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality...
Input validation
Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality...
Input validation
Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality...
CVE-2021-46758
Insufficient validation of SPI flash addresses in the ASP AMD Secure Processor bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity...
CVE-2023-20526
Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality...
CVE-2023-20526
CVE-2023-20526 affects the AMD ASP Bootloader (ASP) within AMD EPYC Embedded platforms. The issue is insufficient input validation in the ASP Bootloader, which could allow a privileged attacker with physical access to expose ASP memory contents and potentially breach confidentiality. Industry adv...
CVE-2023-20521
CVE-2023-20521 describes a TOCTOU flaw in the AMD ASP Bootloader that could let an attacker with physical access tamper SPI ROM records after memory verification, risking confidentiality loss and potential DoS. Connected sources (SUSE kernel-firmware updates and AMD/SUSe advisories) confirm this ...
CVE-2023-20521
TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service...
CVE-2021-46766
Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality...
CVE-2021-46766
CVE-2021-46766 is reported as a vulnerability in AMD ASP/ASP Bootloader where improper clearing of sensitive data may expose secret keys to a privileged attacker with access to ASP SRAM, potentially compromising confidentiality. Concrete technical context appears in accompanying advisories: AMD’s...
PT-2023-12580 · Unknown +1 · Asp Bootloader +1
Name of the Vulnerable Software and Affected Versions: ASP Bootloader affected versions not specified Description: The issue is related to the improper clearing of sensitive data in the ASP Bootloader, which may expose secret keys to a privileged attacker accessing ASP SRAM. This could potentiall...
CVE-2021-46756
Insufficient validation of inputs in SVCMAPUSERSTACK in the ASP AMD Secure Processor bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity...
CVE-2021-46754
Insufficient input validation in the ASP AMD Secure Processor bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU System Management Unit resulting in a potential loss of confidentiality and integrity...
CVE-2021-46792
Time-of-check Time-of-use TOCTOU in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service...
Design/Logic Flaw
Time-of-check Time-of-use TOCTOU in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service...
Input validation
Improper syscall input validation in AMD TEE Trusted Execution Environment may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of the ASP AMD Secure Processor bootloader accessible memory to a serial port, resulting in a potential...
Denial of service
Failure to unmap certain SysHub mappings in error paths of the ASP AMD Secure Processor bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a potential denial of service...
CVE-2023-20520
Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution...
CVE-2021-46769
Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to execute arbitrary DMA copies, which can lead to code execution...
CVE-2021-26356
A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure...