70 matches found
Information disclosure
A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure...
CVE-2021-46792
Time-of-check Time-of-use TOCTOU in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service...
CVE-2021-46755
CVE-2021-46755 concerns the AMD Secure Processor (ASP) bootloader: failure to unmap certain SysHub mappings in error paths could allow a malicious bootloader attacker to exhaust SysHub resources, causing denial of service. The CVE is part of AMD’s ASP/SMU risk set and is listed in AMD-SB-3001 and...
CVE-2021-46755
Failure to unmap certain SysHub mappings in error paths of the ASP AMD Secure Processor bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a potential denial of service...
CVE-2021-46754
Insufficient input validation in the ASP AMD Secure Processor bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU System Management Unit resulting in a potential loss of confidentiality and integrity...
CVE-2021-46754
CVE-2021-46754: Insufficient input validation in the ASP bootloader can allow a compromised UApp/ABL to expose sensitive information to the SMU, risking confidentiality and integrity. AMD-SB-5001 lists this CVE with Medium severity and provides firmware-based mitigations via Platform Initializati...
CVE-2021-26356
CVE-2021-26356 describes a TOCTOU vulnerability in the ASP bootloader that can allow tampering with the SPI ROM after memory reads, potentially causing S3 data corruption and information disclosure in AMD Secure Processor/ASP boot scenarios. Affected components include the ASP bootloader within A...
CVE-2021-26356
A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure...
CVE-2021-26356
A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure...
CVE-2021-46769
Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to execute arbitrary DMA copies, which can lead to code execution...
CVE-2021-46769
CVE-2021-46769 affects the AMD ASP bootloader (ASP) and allows a privileged attacker to trigger insufficient syscall input validation to perform arbitrary DMA copies, potentially leading to code execution. The AMD AMD-SB-3001 bulletin summarizes the impact as high for this CVE and links remediati...
PT-2023-12571 · Amd · Asp
Name of the Vulnerable Software and Affected Versions: ASP AMD Secure Processor bootloader affected versions not specified Description: The issue is related to insufficient validation of inputs in the SVC MAP USER STACK component of the ASP bootloader. This may allow an attacker with a malicious...
CVE-2023-20525
Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service...
CVE-2023-20527
Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service...
CVE-2023-20525
Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service...
CVE-2023-20527
Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service...
CVE-2021-26346
Failure to validate the integer operand in ASP AMD Secure Processor bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service...
Design/Logic Flaw
Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service...
Integer overflow
Failure to validate the integer operand in ASP AMD Secure Processor bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service...
Design/Logic Flaw
Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service...