AMD Secure Processor 缓冲区错误漏洞

AMD Secure Processor ASP is a standalone ARM Coretex-A5 chip from UltraMicroelectronics AMD. ASP AMD Secure Processor suffers from a security vulnerability that stems from insufficient boundary checking. An attacker exploits the vulnerability to write partially controlled data to the SMM or SEV-E...

AMD Secure Processor 安全漏洞

AMD Secure Processor ASP is a standalone ARM Coretex-A5 chip from UltraMicroelectronics AMD. A security vulnerability exists in AMD Secure Processor ASP, AMD System Management Unit SMU, and AMD Secure Encrypted Virtualization SEV, which stems from insufficient authentication of commands, which...

AMD Secure Processor(ASP) 输入验证错误漏洞

AMD Secure Processor ASP is a standalone ARM Coretex-A5 chip from UltraMicroelectronics AMD. AMD Secure Processor ASP suffers from a security vulnerability that stems from incorrect system call input validation in the Bootloader, which could allow a privileged attacker to read memory out of bound...

AMD Secure Processor 安全漏洞

AMD Secure Encrypted Virtualization is a product of AMD Semiconductor, Inc. AMD Secure Encrypted Virtualization is a software application.AMD System Management Unit SMU is a system management unit. AMD Secure Processor ASP is a standalone ARM Coretex-A5 chip. A security vulnerability exists in AM...

AMD Secure Processor (ASP) 输入验证错误漏洞

AMD Secure Processor ASP is a standalone ARM Coretex-A5 chip from UltraMicroelectronics AMD. A security vulnerability exists in AMD Secure Processor ASP that stems from insufficient validation of input. An attacker could exploit the vulnerability to gain write access to memory, resulting in loss ...

AMD Secure Processor 数据伪造问题漏洞

AMD Secure Processor ASP is a standalone ARM Coretex-A5 chip from UltraMicroelectronics AMD. A security vulnerability exists in AMD Secure Processor ASP that stems from insufficient validation of IO address mappings, resulting in a loss of memory integrity...

多款AMD产品 安全漏洞

The AMD System Management Unit SMU and AMD Secure Processor ASP are both products of UltraMicroelectronics AMD, Inc.The AMD System Management Unit is a system management unit.The AMD Secure Processor is a standalone AMD Secure Processor is a standalone ARM Coretex-A5 chip. A security vulnerabilit...

CVE-2021-46779

CVE-2021-46779 is an AMD Secure Processor (ASP) vulnerability: insufficient input validation in the SVC_ECC_PRIMITIVE system call could allow a compromised user application or ABL to corrupt ASP OS memory, risking loss of integrity and availability. Connected sources confirm the issue and link to...

CVE-2021-26402

Insufficient bounds checking in ASP AMD Secure Processor firmware while handling BIOS mailbox commands, may allow an attacker to write partially-controlled data out-of-bounds to SMM or SEV-ES regions which may lead to a potential loss of integrity and availability...

CVE-2021-26398

CVE-2021-26398 affects the AMD Secure Processor (ASP) via insufficient input validation in SYS_KEY_DERIVE. A compromised user application or ABL may corrupt ASP OS memory, potentially enabling arbitrary code execution. Public details identify the vulnerability and associated risk to ASP/firmware,...

CVE-2021-26396

The CVE-2021-26396 issue affects the AMD Secure Processor (ASP) where insufficient validation of address mapping to IO can lead to loss of memory integrity in the SNP guest. The entry is supported by multiple sources (NVD/NCSC AMD SB) detailing the vulnerability and its scope across AMD EPYC gene...

CVE-2021-26396

Insufficient validation of address mapping to IO in ASP AMD Secure Processor may result in a loss of memory integrity in the SNP guest...

CVE-2021-26346

Failure to validate the integer operand in ASP AMD Secure Processor bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service...

PT-2023-12585 · Amd · Amd Secure Processor

Name of the Vulnerable Software and Affected Versions: AMD Secure Processor affected versions not specified Description: The issue is related to insufficient input validation in the SVC ECC PRIMITIVE system call. This can be exploited by an attacker in a compromised user application or ABL to...

PT-2023-1403 · Amd · Amd Secure Processor

Name of the Vulnerable Software and Affected Versions: AMD Secure Processor ASP affected versions not specified Description: The issue is related to insufficient input validation in the ASP, which may allow an attacker with physical access to gain unauthorized write access to memory. This could...

PT-2023-1488 · Amd · Amd System Management Unit +2

Name of the Vulnerable Software and Affected Versions: AMD Secure Processor ASP affected versions not specified AMD System Management Unit SMU affected versions not specified AMD Secure Encrypted Virtualization SEV affected versions not specified Description: The issue is related to errors in...

PT-2023-1412 · Amd · Amd Secure Processor

Name of the Vulnerable Software and Affected Versions: AMD Secure Processor ASP affected versions not specified Description: The issue is related to insufficient input validation in the SYS KEY DERIVE system call, which can be exploited by an attacker to corrupt AMD Secure Processor ASP OS memory...

PT-2023-1408 · Amd · Amd Secure Processor

Name of the Vulnerable Software and Affected Versions: AMD Secure Processor affected versions not specified Description: The issue is related to insufficient validation of address mapping to IO in the AMD Secure Processor, which may result in a loss of memory integrity in the SNP guest. This coul...

PT-2023-1482 · Amd · Amd System Management Unit +1

Name of the Vulnerable Software and Affected Versions: AMD Secure Processor ASP and System Management Unit SMU affected versions not specified Description: The issue is related to the software interfaces of ASP and SMU, which may not properly enforce the SNP memory security policy. This could lea...

PT-2023-1483 · Amd · Amd Secure Processor

Name of the Vulnerable Software and Affected Versions: AMD Secure Processor ASP affected versions not specified Description: The issue is related to a Time-of-Check-to-Time-of-Use TOCTOU vulnerability in the ASP, which may allow a physical attacker to write beyond buffer bounds. This could...