CVE-2021-46758

Insufficient validation of SPI flash addresses in the ASP AMD Secure Processor bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity...

CVE-2021-46758

CVE-2021-46758 involves insufficient validation of SPI flash addresses in the AMD Secure Processor (ASP) bootloader. The issue may allow an attacker to read data mapped beyond SPI flash, potentially impacting availability and integrity. Related documents confirm the vulnerability in ASP bootloade...

CVE-2021-46748

CVE-2021-46748 involves insufficient bounds checking in the AMD Secure Processor (ASP), potentially allowing a local attacker to access memory outside the bounds allowed to a Trusted Application, causing a denial of service. Connected sources confirm impact on AMD graphics components and ASP inte...

CVE-2021-46748

Insufficient bounds checking in the ASP AMD Secure Processor may allow an attacker to access memory outside the bounds of what is permissible to a TA Trusted Application resulting in a potential denial of service...

AMD Secure Processor Security Vulnerability

AMD Secure Processor ASP is a standalone ARM Coretex-A5 chip from AMD. A security vulnerability exists in AMD Secure Processor, which stems from the fact that insufficient validation of the SPI flash address in the bootloader could allow an attacker to read data mapped to memory other than the SP...

PT-2023-12572 · Amd · Amd Secure Processor

Name of the Vulnerable Software and Affected Versions: AMD Secure Processor affected versions not specified Description: The issue is related to insufficient validation of SPI flash addresses in the ASP bootloader, which may allow an attacker to read data in memory mapped beyond SPI flash. This...

AMD Secure Processor Buffer Error Vulnerability

AMD Secure Processor ASP is a standalone ARM Coretex-A5 chip from UltraMicroelectronics AMD. The AMD Secure Processor suffers from a buffer error vulnerability that stems from the fact that insufficient boundary checking in the AMD Secure Processor could lead to an attacker accessing memory outsi...

CVE-2021-46794

Insufficient bounds checking in ASP AMD Secure Processor may allow for an out of bounds read in SMI System Management Interface mailbox checksum calculation triggering a data abort, resulting in a potential denial of service...

CVE-2021-46754

Insufficient input validation in the ASP AMD Secure Processor bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU System Management Unit resulting in a potential loss of confidentiality and integrity...

CVE-2021-46755

Failure to unmap certain SysHub mappings in error paths of the ASP AMD Secure Processor bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a potential denial of service...

Input validation

Insufficient validation of inputs in SVCMAPUSERSTACK in the ASP AMD Secure Processor bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity...

CVE-2021-46749

Insufficient bounds checking in ASP AMD Secure Processor may allow for an out of bounds read in SMI System Management Interface mailbox checksum calculation triggering a data abort, resulting in a potential denial of service...

CVE-2021-46749

Insufficient bounds checking in ASP AMD Secure Processor may allow for an out of bounds read in SMI System Management Interface mailbox checksum calculation triggering a data abort, resulting in a potential denial of service...

Authorization

Failure to validate the length fields of the ASP AMD Secure Processor sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and integrity...

CVE-2021-46794

Insufficient bounds checking in ASP AMD Secure Processor may allow for an out of bounds read in SMI System Management Interface mailbox checksum calculation triggering a data abort, resulting in a potential denial of service...

CVE-2021-46794

Insufficient bounds checking in ASP AMD Secure Processor may allow for an out of bounds read in SMI System Management Interface mailbox checksum calculation triggering a data abort, resulting in a potential denial of service...

CVE-2021-46756

Insufficient validation of inputs in SVCMAPUSERSTACK in the ASP AMD Secure Processor bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity...

CVE-2021-46756

Insufficient validation of inputs in SVCMAPUSERSTACK in the ASP AMD Secure Processor bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity...

CVE-2021-46755

Failure to unmap certain SysHub mappings in error paths of the ASP AMD Secure Processor bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a potential denial of service...

CVE-2021-46754

CVE-2021-46754: Insufficient input validation in the ASP bootloader can allow a compromised UApp/ABL to expose sensitive information to the SMU, risking confidentiality and integrity. AMD-SB-5001 lists this CVE with Medium severity and provides firmware-based mitigations via Platform Initializati...