CVE-2023-20591

Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker to read or modify hypervisor memory, potentially resulting in loss of confidentiality, integrity, and availability...

kernel: afs: Fix dynamic root getattr

In the Linux kernel, the following vulnerability has been resolved: afs: Fix dynamic root getattr The recent patch to make afsgetattr consult the server didn't account for the pseudo-inodes employed by the dynamic root-type afs superblock not having a volume or a server to access, and thus an oop...

CVE-2021-26343

Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure...

Input validation

Insufficient input validation during parsing of the System Management Mode SMM binary may allow a maliciously crafted SMM executable binary to corrupt Dynamic Root of Trust for Measurement DRTM user application memory that may result in a potential denial of service...

CVE-2021-46791

Insufficient input validation during parsing of the System Management Mode SMM binary may allow a maliciously crafted SMM executable binary to corrupt Dynamic Root of Trust for Measurement DRTM user application memory that may result in a potential denial of service...

PT-2023-1402 · Amd · Amd Bios +1

Name of the Vulnerable Software and Affected Versions: AMD BIOS affected versions not specified Description: The issue is related to insufficient validation in ASP BIOS and DRTM commands, which may allow malicious supervisor x86 software to disclose the contents of sensitive memory, resulting in...

GSD-2022-1004829 afs: Fix dynamic root getattr

afs: Fix dynamic root getattr This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.250 by commit 65c24caf1b9f5b08397c6e805ec24ebc390c6e4d, it w...

GSD-2022-1004628 afs: Fix dynamic root getattr

afs: Fix dynamic root getattr This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.127 by commit 7b564e3254b7db5fbfbf11a824627a6c31b932b4, it w...

GSD-2022-1004466 afs: Fix dynamic root getattr

afs: Fix dynamic root getattr This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.51 by commit 2b2bba96526f25f2eba74ecadb031de2e05a83ce, it wa...

AMD EPYC DRTM UApp 安全漏洞

AMD EPYC is an x86 architecture server microprocessor product line from AMD Semiconductor, known in Chinese as "霄龙", which utilizes the Zen microarchitecture. A security vulnerability exists in the AMD EPYC DRTM UApp. The vulnerability arises from a partial initialization of the DRTM UApp, which...

PT-2022-6302 · Amd · System Management Mode

Name of the Vulnerable Software and Affected Versions: System Management Mode SMM affected versions not specified Description: The issue is related to the failure to validate inputs in SMM, which may allow an attacker to create a mishandled error, leaving the DRTM UApp in a partially initialized...

Force firmware code to be measured and attested by Secure Launch on Windows 10

You cannot build something great on a weak foundation – and security is no exception. Windows is filled with important security features like Hypervisor-protected code integrity HVCI and Windows Defender Credential Guard that protect users from advanced hardware and firmware attacks. For these...