Lucene search
+L

70 matches found

NVD
NVD
added 2023/11/14 7:15 p.m.36 views

CVE-2021-46766

Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality...

5.5CVSS0.00228EPSS
Exploits0References3
Prion
Prion
added 2023/11/14 7:15 p.m.21 views

Input validation

Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality...

1.7CVSS6.8AI score0.00228EPSS
Exploits0References3Affected Software28
Prion
Prion
added 2023/11/14 7:15 p.m.25 views

Input validation

Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality...

2.1CVSS6.6AI score0.0031EPSS
Exploits0References3Affected Software73
Cvelist
Cvelist
added 2023/11/14 6:54 p.m.35 views

CVE-2021-46758

Insufficient validation of SPI flash addresses in the ASP AMD Secure Processor bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity...

6.9AI score0.00325EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/11/14 6:52 p.m.42 views

CVE-2023-20526

Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality...

1.9CVSS6.7AI score0.0031EPSS
Exploits0References3
CVE
CVE
added 2023/11/14 6:52 p.m.64 views

CVE-2023-20526

CVE-2023-20526 affects the AMD ASP Bootloader (ASP) within AMD EPYC Embedded platforms. The issue is insufficient input validation in the ASP Bootloader, which could allow a privileged attacker with physical access to expose ASP memory contents and potentially breach confidentiality. Industry adv...

4.6CVSS5.9AI score0.0031EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2023/11/14 6:52 p.m.90 views

CVE-2023-20521

CVE-2023-20521 describes a TOCTOU flaw in the AMD ASP Bootloader that could let an attacker with physical access tamper SPI ROM records after memory verification, risking confidentiality loss and potential DoS. Connected sources (SUSE kernel-firmware updates and AMD/SUSe advisories) confirm this ...

5.7CVSS6.1AI score0.00257EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/14 6:52 p.m.25 views

CVE-2023-20521

TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service...

3.3CVSS5.3AI score0.00257EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/11/14 6:51 p.m.46 views

CVE-2021-46766

Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality...

2.5CVSS7.4AI score0.00228EPSS
Exploits0References3
CVE
CVE
added 2023/11/14 6:51 p.m.71 views

CVE-2021-46766

CVE-2021-46766 is reported as a vulnerability in AMD ASP/ASP Bootloader where improper clearing of sensitive data may expose secret keys to a privileged attacker with access to ASP SRAM, potentially compromising confidentiality. Concrete technical context appears in accompanying advisories: AMD’s...

5.5CVSS6.1AI score0.00228EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/14 12:0 a.m.3 views

PT-2023-12580 · Unknown +1 · Asp Bootloader +1

Name of the Vulnerable Software and Affected Versions: ASP Bootloader affected versions not specified Description: The issue is related to the improper clearing of sensitive data in the ASP Bootloader, which may expose secret keys to a privileged attacker accessing ASP SRAM. This could potentiall...

9.8CVSS5.5AI score0.01018EPSS
Exploits0References32
NVD
NVD
added 2023/05/09 8:15 p.m.29 views

CVE-2021-46756

Insufficient validation of inputs in SVCMAPUSERSTACK in the ASP AMD Secure Processor bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity...

9.1CVSS9.1AI score0.00645EPSS
Exploits0References2
NVD
NVD
added 2023/05/09 8:15 p.m.13 views

CVE-2021-46754

Insufficient input validation in the ASP AMD Secure Processor bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU System Management Unit resulting in a potential loss of confidentiality and integrity...

9.1CVSS9AI score0.00565EPSS
Exploits0References2
NVD
NVD
added 2023/05/09 8:15 p.m.38 views

CVE-2021-46792

Time-of-check Time-of-use TOCTOU in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service...

5.9CVSS6.6AI score0.00395EPSS
Exploits0References1
Prion
Prion
added 2023/05/09 8:15 p.m.27 views

Design/Logic Flaw

Time-of-check Time-of-use TOCTOU in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service...

2.6CVSS6.5AI score0.00395EPSS
Exploits0References1Affected Software55
Prion
Prion
added 2023/05/09 8:15 p.m.21 views

Input validation

Improper syscall input validation in AMD TEE Trusted Execution Environment may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of the ASP AMD Secure Processor bootloader accessible memory to a serial port, resulting in a potential...

3.6CVSS6.7AI score0.00284EPSS
Exploits0References1Affected Software56
Prion
Prion
added 2023/05/09 8:15 p.m.13 views

Denial of service

Failure to unmap certain SysHub mappings in error paths of the ASP AMD Secure Processor bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a potential denial of service...

5CVSS8.3AI score0.00616EPSS
Exploits0References1Affected Software23
OSV
OSV
added 2023/05/09 7:15 p.m.6 views

CVE-2023-20520

Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution...

9.8CVSS6.1AI score0.00789EPSS
Exploits0References1
NVD
NVD
added 2023/05/09 7:15 p.m.39 views

CVE-2021-46769

Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to execute arbitrary DMA copies, which can lead to code execution...

8.8CVSS8.8AI score0.00784EPSS
Exploits0References1
NVD
NVD
added 2023/05/09 7:15 p.m.16 views

CVE-2021-26356

A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure...

7.4CVSS7.8AI score0.00399EPSS
Exploits0References2
Rows per page
Query Builder