Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1768 matches found

Prion
Prionadded 2023/05/09 7:15 p.m.18 views

Information disclosure

A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure...

1.7CVSS7AI score0.00129EPSS
Exploits0References2Affected Software70
Cvelist
Cvelistadded 2023/05/09 7:1 p.m.28 views

CVE-2021-46792

Time-of-check Time-of-use TOCTOU in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service...

6.8AI score0.00416EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2023/05/09 7:1 p.m.9 views

CVE-2021-46760

A malicious or compromised UApp or ABL can send a malformed system call to the bootloader, which may result in an out-of-bounds memory access that may potentially lead to an attacker leaking sensitive information or achieving code execution...

9.5AI score0.00639EPSS
Exploits0References1
CVE
CVEadded 2023/05/09 7:0 p.m.60 views

CVE-2021-46759

Consolidated details for CVE-2021-46759 show an improper syscall input validation in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE). Attack requires physical access and control of a UApp running under the bootloader to read ASP bootloader memory via a serial port, potentially ...

6.1CVSS6.6AI score0.00149EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2023/05/09 7:0 p.m.19 views

CVE-2021-46759

Improper syscall input validation in AMD TEE Trusted Execution Environment may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of the ASP AMD Secure Processor bootloader accessible memory to a serial port, resulting in a potential...

6.9AI score0.00149EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2023/05/09 7:0 p.m.5 views

CVE-2021-46756

Insufficient validation of inputs in SVCMAPUSERSTACK in the ASP AMD Secure Processor bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity...

9.3AI score0.0047EPSS
Exploits0References2
CVE
CVEadded 2023/05/09 7:0 p.m.70 views

CVE-2021-46756

CVE-2021-46756 describes insufficient validation of inputs in SVC_MAP_USER_STACK in the AMD Secure Processor (ASP) bootloader. A malicious UApp or ABL could send malformed or invalid syscalls to the bootloader, potentially causing a denial of service and loss of integrity. The AMD security bullet...

9.1CVSS9.1AI score0.0047EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2023/05/09 7:0 p.m.21 views

CVE-2021-46756

Insufficient validation of inputs in SVCMAPUSERSTACK in the ASP AMD Secure Processor bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity...

9.2AI score0.0047EPSS
Exploits0References2
Cvelist
Cvelistadded 2023/05/09 7:0 p.m.18 views

CVE-2021-46755

Failure to unmap certain SysHub mappings in error paths of the ASP AMD Secure Processor bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a potential denial of service...

7.8AI score0.0054EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2023/05/09 7:0 p.m.8 views

CVE-2021-46755

Failure to unmap certain SysHub mappings in error paths of the ASP AMD Secure Processor bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a potential denial of service...

8.4AI score0.0054EPSS
Exploits0References1
CVE
CVEadded 2023/05/09 7:0 p.m.49 views

CVE-2021-46755

CVE-2021-46755 concerns the AMD Secure Processor (ASP) bootloader: failure to unmap certain SysHub mappings in error paths could allow a malicious bootloader attacker to exhaust SysHub resources, causing denial of service. The CVE is part of AMD’s ASP/SMU risk set and is listed in AMD-SB-3001 and...

7.5CVSS8.3AI score0.0054EPSS
Exploits0References1Affected Software1
CVE
CVEadded 2023/05/09 7:0 p.m.70 views

CVE-2021-46754

CVE-2021-46754: Insufficient input validation in the ASP bootloader can allow a compromised UApp/ABL to expose sensitive information to the SMU, risking confidentiality and integrity. AMD-SB-5001 lists this CVE with Medium severity and provides firmware-based mitigations via Platform Initializati...

9.1CVSS9.1AI score0.00321EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2023/05/09 7:0 p.m.25 views

CVE-2021-46754

Insufficient input validation in the ASP AMD Secure Processor bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU System Management Unit resulting in a potential loss of confidentiality and integrity...

9.1AI score0.00321EPSS
Exploits0References2
Cvelist
Cvelistadded 2023/05/09 6:59 p.m.18 views

CVE-2021-26371

A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure...

6.5AI score0.00129EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2023/05/09 6:59 p.m.12 views

CVE-2021-26371

A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure...

7.2AI score0.00129EPSS
Exploits0References2
CVE
CVEadded 2023/05/09 6:59 p.m.79 views

CVE-2021-26371

The CVE-2021-26371 entry concerns AMD Secure Processor (ASP)/AMD System Management Unit (SMU) where a compromised ABL or UApp could trigger a SHA256 system call to the bootloader, potentially exposing ASP memory to userspace and causing information disclosure. Technical details from connected sou...

5.5CVSS7.1AI score0.00129EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2023/05/09 6:58 p.m.18 views

CVE-2021-26356

A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure...

7.9AI score0.00271EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2023/05/09 6:58 p.m.7 views

CVE-2021-26356

A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure...

8.6AI score0.00271EPSS
Exploits0References2
CVE
CVEadded 2023/05/09 6:58 p.m.63 views

CVE-2021-26356

CVE-2021-26356 describes a TOCTOU vulnerability in the ASP bootloader that can allow tampering with the SPI ROM after memory reads, potentially causing S3 data corruption and information disclosure in AMD Secure Processor/ASP boot scenarios. Affected components include the ASP bootloader within A...

7.4CVSS8.4AI score0.00271EPSS
Exploits0References2Affected Software1
CVE
CVEadded 2023/05/09 6:36 p.m.64 views

CVE-2023-20520

CVE-2023-20520 affects the AMD Secure Processor (ASP) Bootloader. The issue is described as improper access control in the ASP Bootloader which may allow an attacker to corrupt the return address, causing a stack-based buffer overrun and potentially arbitrary code execution. Connected sources ide...

9.8CVSS9.6AI score0.00643EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder