PT-2022-9739 · Amd · Athlon™ Series +22

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area,...

AMD System Management Unit 信息泄露漏洞

The AMD System Management Unit SMU is a system management unit of AMD Corporation. A security vulnerability exists in the AMD System Management Unit that originates from the use of a malicious or corrupted user application UApp or AGESA bootloader ABL to filter arbitrary memory from the ASP stage...

PT-2022-9752 · Amd · Athlon™ Series +50

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader, potentially leading to...

CVE-2021-26347

Failure to validate the integer operand in ASP AMD Secure Processor bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service...

Integer overflow

Failure to validate the integer operand in ASP AMD Secure Processor bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service...

PT-2022-9730 · Amd +1 · Amd Secure Processor +1

Name of the Vulnerable Software and Affected Versions: AMD Secure Processor affected versions not specified Description: The issue is related to a failure to validate the integer operand in the ASP bootloader, which may allow an attacker to introduce an integer overflow in the L2 directory table ...

CVE-2021-26390

A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory potentially leading to loss of integrity of data...

CVE-2021-26370

Improper validation of destination address in SVCLOADFWIMAGEBYINSTANCE and SVCLOADBINARYBYATTRIB in a malicious UApp or ABL may allow an attacker to overwrite arbitrary bootloader memory with SPI ROM contents resulting in a loss of integrity and availability...

CVE-2021-26370

Improper validation of destination address in SVCLOADFWIMAGEBYINSTANCE and SVCLOADBINARYBYATTRIB in a malicious UApp or ABL may allow an attacker to overwrite arbitrary bootloader memory with SPI ROM contents resulting in a loss of integrity and availability...

Input validation

Improper validation of destination address in SVCLOADFWIMAGEBYINSTANCE and SVCLOADBINARYBYATTRIB in a malicious UApp or ABL may allow an attacker to overwrite arbitrary bootloader memory with SPI ROM contents resulting in a loss of integrity and availability...

Design/Logic Flaw

A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory potentially leading to loss of integrity of data...

CVE-2021-26370

Improper validation of destination address in SVCLOADFWIMAGEBYINSTANCE and SVCLOADBINARYBYATTRIB in a malicious UApp or ABL may allow an attacker to overwrite arbitrary bootloader memory with SPI ROM contents resulting in a loss of integrity and availability...

CVE-2021-26390

A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory potentially leading to loss of integrity of data...

AMD EPYC 安全漏洞

AMD EPYC is an x86 server microprocessor product line from AMD, known as "Xiao Long" in Chinese, which utilizes the Zen microarchitecture. A security vulnerability exists in AMD EPYC UApp/ABL. The vulnerability can be exploited by an attacker to corrupt arbitrary memory by bootloading a program,...

CVE-2022-30330

In the KeepKey firmware before 7.3.2,Flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader...

CVE-2022-30330

In the KeepKey firmware before 7.3.2,Flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader...

Design/Logic Flaw

In the KeepKey firmware before 7.3.2,Flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader...

PT-2022-20066 · Keepkey · Keepkey

Name of the Vulnerable Software and Affected Versions: KeepKey firmware versions prior to 7.3.2 Description: The issue is related to flaws in the supervisor interface of the KeepKey firmware, which can be exploited to bypass security restrictions on firmware operations. This can allow malicious...

Huawei EulerOS: Security Advisory for uboot-tools (EulerOS-SA-2022-1517)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei FLMG-10 授权问题漏洞

Huawei FLMG-10 is a high-end Bluetooth remote control speaker from Huawei, China. The Huawei FLMG-10 suffers from an authorization issue vulnerability that stems from incorrect authentication issues. A local attacker can exploit the vulnerability to install a persistent and cryptic bootstrap or...