Lucene search
K

55 matches found

NVD
NVD
added 2023/05/09 8:15 p.m.19 views

CVE-2021-46773

Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code execution...

8.8CVSS8.7AI score0.00771EPSS
Exploits0References1
NVD
NVD
added 2023/05/09 8:15 p.m.24 views

CVE-2021-46760

A malicious or compromised UApp or ABL can send a malformed system call to the bootloader, which may result in an out-of-bounds memory access that may potentially lead to an attacker leaking sensitive information or achieving code execution...

9.8CVSS9.5AI score0.00776EPSS
Exploits0References1
Prion
Prion
added 2023/05/09 8:15 p.m.21 views

Input validation

Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code execution...

6.5CVSS8.9AI score0.00771EPSS
Exploits0References1Affected Software63
NVD
NVD
added 2023/05/09 7:15 p.m.37 views

CVE-2021-46775

Improper input validation in ABL may enable an attacker with physical access, to perform arbitrary memory overwrites, potentially leading to a loss of integrity and code execution...

6.8CVSS6.6AI score0.00318EPSS
Exploits0References1
NVD
NVD
added 2023/05/09 7:15 p.m.37 views

CVE-2021-26354

Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity...

5.5CVSS6.3AI score0.00178EPSS
Exploits0References2
NVD
NVD
added 2023/05/09 7:15 p.m.20 views

CVE-2021-26397

Insufficient address validation, may allow an attacker with a compromised ABL and UApp to corrupt sensitive memory locations potentially resulting in a loss of integrity or availability...

7.1CVSS6.9AI score0.00176EPSS
Exploits0References1
Prion
Prion
added 2023/05/09 7:15 p.m.20 views

Information disclosure

A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure...

1.7CVSS7AI score0.00189EPSS
Exploits0References2Affected Software70
Prion
Prion
added 2023/05/09 7:15 p.m.31 views

Authorization

Failure to validate the length fields of the ASP AMD Secure Processor sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and integrity...

6.4CVSS9.1AI score0.0056EPSS
Exploits0References1Affected Software66
Prion
Prion
added 2023/05/09 7:15 p.m.36 views

Input validation

Improper input validation in ABL may enable an attacker with physical access, to perform arbitrary memory overwrites, potentially leading to a loss of integrity and code execution...

4.6CVSS7.4AI score0.00318EPSS
Exploits0References1Affected Software48
CVE
CVE
added 2023/05/09 7:1 p.m.49 views

CVE-2021-46773

CVE-2021-46773 involves insufficient input validation in the AMD bootloader (ABL) that may allow a privileged attacker to corrupt the AMD Secure Processor (ASP) memory, potentially resulting in loss of integrity or code execution. The connected documents provide concrete details: the vulnerabilit...

8.8CVSS8.8AI score0.00771EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/05/09 7:1 p.m.22 views

CVE-2021-46773

Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code execution...

8.8AI score0.00771EPSS
Exploits0References1
CVE
CVE
added 2023/05/09 7:1 p.m.62 views

CVE-2021-46760

CVE-2021-46760 affects AMD Secure Processor (ASP) and AMD System Management Unit (SMU) where a malicious or compromised UApp/ABL can send a malformed system call to the bootloader, causing out-of-bounds memory access and potentially leaking sensitive information or achieving code execution. CVSS ...

9.8CVSS9.4AI score0.00776EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/05/09 7:0 p.m.33 views

CVE-2021-46753

Failure to validate the length fields of the ASP AMD Secure Processor sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and integrity...

9.3AI score0.0056EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/05/09 6:59 p.m.23 views

CVE-2021-26371

A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure...

6.5AI score0.00189EPSS
Exploits0References2
CVE
CVE
added 2023/05/09 6:59 p.m.83 views

CVE-2021-26371

The CVE-2021-26371 entry concerns AMD Secure Processor (ASP)/AMD System Management Unit (SMU) where a compromised ABL or UApp could trigger a SHA256 system call to the bootloader, potentially exposing ASP memory to userspace and causing information disclosure. Technical details from connected sou...

5.5CVSS7.1AI score0.00189EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/05/09 6:58 p.m.82 views

CVE-2021-26354

CVE-2021-26354 affects AMD’s ASP/Bootloader pathway (ASP/ABL) with Insufficient bounds checking that may allow a system call from a compromised ABL, initializing arbitrary memory to zero and potentially compromising integrity. The vulnerability is documented across multiple sources (NVD entry and...

5.5CVSS7.2AI score0.00178EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/05/09 6:36 p.m.41 views

CVE-2021-46775

Improper input validation in ABL may enable an attacker with physical access, to perform arbitrary memory overwrites, potentially leading to a loss of integrity and code execution...

6.8AI score0.00318EPSS
Exploits0References1
CVE
CVE
added 2023/05/09 6:36 p.m.65 views

CVE-2021-46775

CVE-2021-46775 is documented as an Improper input validation in the AMD Boot Loader (ABL) that may allow an attacker with physical access to perform arbitrary memory overwrites, potentially causing loss of integrity and code execution. Connected sources confirm this risk applies to AMD Secure Pro...

6.8CVSS7.2AI score0.00318EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/01/10 8:56 p.m.37 views

CVE-2021-26398

Insufficient input validation in SYSKEYDERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP AMD Secure Processor OS memory which may lead to potential arbitrary code execution...

7.8AI score0.00212EPSS
Exploits0References1
NVD
NVD
added 2022/05/12 7:15 p.m.27 views

CVE-2021-26363

A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure...

4.4CVSS0.0021EPSS
Exploits0References1
Rows per page
Query Builder