55 matches found
CVE-2021-46773
Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code execution...
CVE-2021-46760
A malicious or compromised UApp or ABL can send a malformed system call to the bootloader, which may result in an out-of-bounds memory access that may potentially lead to an attacker leaking sensitive information or achieving code execution...
Input validation
Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code execution...
CVE-2021-46775
Improper input validation in ABL may enable an attacker with physical access, to perform arbitrary memory overwrites, potentially leading to a loss of integrity and code execution...
CVE-2021-26354
Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity...
CVE-2021-26397
Insufficient address validation, may allow an attacker with a compromised ABL and UApp to corrupt sensitive memory locations potentially resulting in a loss of integrity or availability...
Information disclosure
A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure...
Authorization
Failure to validate the length fields of the ASP AMD Secure Processor sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and integrity...
Input validation
Improper input validation in ABL may enable an attacker with physical access, to perform arbitrary memory overwrites, potentially leading to a loss of integrity and code execution...
CVE-2021-46773
CVE-2021-46773 involves insufficient input validation in the AMD bootloader (ABL) that may allow a privileged attacker to corrupt the AMD Secure Processor (ASP) memory, potentially resulting in loss of integrity or code execution. The connected documents provide concrete details: the vulnerabilit...
CVE-2021-46773
Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code execution...
CVE-2021-46760
CVE-2021-46760 affects AMD Secure Processor (ASP) and AMD System Management Unit (SMU) where a malicious or compromised UApp/ABL can send a malformed system call to the bootloader, causing out-of-bounds memory access and potentially leaking sensitive information or achieving code execution. CVSS ...
CVE-2021-46753
Failure to validate the length fields of the ASP AMD Secure Processor sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and integrity...
CVE-2021-26371
A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure...
CVE-2021-26371
The CVE-2021-26371 entry concerns AMD Secure Processor (ASP)/AMD System Management Unit (SMU) where a compromised ABL or UApp could trigger a SHA256 system call to the bootloader, potentially exposing ASP memory to userspace and causing information disclosure. Technical details from connected sou...
CVE-2021-26354
CVE-2021-26354 affects AMD’s ASP/Bootloader pathway (ASP/ABL) with Insufficient bounds checking that may allow a system call from a compromised ABL, initializing arbitrary memory to zero and potentially compromising integrity. The vulnerability is documented across multiple sources (NVD entry and...
CVE-2021-46775
Improper input validation in ABL may enable an attacker with physical access, to perform arbitrary memory overwrites, potentially leading to a loss of integrity and code execution...
CVE-2021-46775
CVE-2021-46775 is documented as an Improper input validation in the AMD Boot Loader (ABL) that may allow an attacker with physical access to perform arbitrary memory overwrites, potentially causing loss of integrity and code execution. Connected sources confirm this risk applies to AMD Secure Pro...
CVE-2021-26398
Insufficient input validation in SYSKEYDERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP AMD Secure Processor OS memory which may lead to potential arbitrary code execution...
CVE-2021-26363
A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure...