Lucene search
K

70 matches found

Prion
Prion
added 2023/05/09 7:15 p.m.24 views

Information disclosure

A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure...

4CVSS8.2AI score0.00399EPSS
Exploits0References2Affected Software72
Cvelist
Cvelist
added 2023/05/09 7:1 p.m.40 views

CVE-2021-46792

Time-of-check Time-of-use TOCTOU in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service...

6.8AI score0.00395EPSS
Exploits0References1
CVE
CVE
added 2023/05/09 7:0 p.m.51 views

CVE-2021-46755

CVE-2021-46755 concerns the AMD Secure Processor (ASP) bootloader: failure to unmap certain SysHub mappings in error paths could allow a malicious bootloader attacker to exhaust SysHub resources, causing denial of service. The CVE is part of AMD’s ASP/SMU risk set and is listed in AMD-SB-3001 and...

7.5CVSS8.3AI score0.00616EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/05/09 7:0 p.m.22 views

CVE-2021-46755

Failure to unmap certain SysHub mappings in error paths of the ASP AMD Secure Processor bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a potential denial of service...

7.8AI score0.00616EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/05/09 7:0 p.m.31 views

CVE-2021-46754

Insufficient input validation in the ASP AMD Secure Processor bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU System Management Unit resulting in a potential loss of confidentiality and integrity...

9.1AI score0.00565EPSS
Exploits0References2
CVE
CVE
added 2023/05/09 7:0 p.m.74 views

CVE-2021-46754

CVE-2021-46754: Insufficient input validation in the ASP bootloader can allow a compromised UApp/ABL to expose sensitive information to the SMU, risking confidentiality and integrity. AMD-SB-5001 lists this CVE with Medium severity and provides firmware-based mitigations via Platform Initializati...

9.1CVSS9.1AI score0.00565EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/05/09 6:58 p.m.69 views

CVE-2021-26356

CVE-2021-26356 describes a TOCTOU vulnerability in the ASP bootloader that can allow tampering with the SPI ROM after memory reads, potentially causing S3 data corruption and information disclosure in AMD Secure Processor/ASP boot scenarios. Affected components include the ASP bootloader within A...

7.4CVSS8.4AI score0.00399EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/05/09 6:58 p.m.23 views

CVE-2021-26356

A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure...

7.9AI score0.00399EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/05/09 6:58 p.m.10 views

CVE-2021-26356

A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure...

8.6AI score0.00399EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/05/09 6:36 p.m.41 views

CVE-2021-46769

Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to execute arbitrary DMA copies, which can lead to code execution...

8.9AI score0.00784EPSS
Exploits0References1
CVE
CVE
added 2023/05/09 6:36 p.m.67 views

CVE-2021-46769

CVE-2021-46769 affects the AMD ASP bootloader (ASP) and allows a privileged attacker to trigger insufficient syscall input validation to perform arbitrary DMA copies, potentially leading to code execution. The AMD AMD-SB-3001 bulletin summarizes the impact as high for this CVE and links remediati...

8.8CVSS9.1AI score0.00784EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/05/09 12:0 a.m.5 views

PT-2023-12571 · Amd · Asp

Name of the Vulnerable Software and Affected Versions: ASP AMD Secure Processor bootloader affected versions not specified Description: The issue is related to insufficient validation of inputs in the SVC MAP USER STACK component of the ASP bootloader. This may allow an attacker with a malicious...

9.1CVSS8.8AI score0.00645EPSS
Exploits0References6
NVD
NVD
added 2023/01/11 8:15 a.m.12 views

CVE-2023-20525

Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service...

6.5CVSS6.2AI score0.00595EPSS
Exploits0References1
OSV
OSV
added 2023/01/11 8:15 a.m.3 views

CVE-2023-20527

Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service...

6.5CVSS6.6AI score0.00595EPSS
Exploits0References1
OSV
OSV
added 2023/01/11 8:15 a.m.5 views

CVE-2023-20525

Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service...

6.5CVSS6.6AI score0.00595EPSS
Exploits0References1
NVD
NVD
added 2023/01/11 8:15 a.m.14 views

CVE-2023-20527

Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service...

6.5CVSS6.3AI score0.00595EPSS
Exploits0References1
NVD
NVD
added 2023/01/11 8:15 a.m.37 views

CVE-2021-26346

Failure to validate the integer operand in ASP AMD Secure Processor bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service...

5.5CVSS5.5AI score0.00212EPSS
Exploits0References1
Prion
Prion
added 2023/01/11 8:15 a.m.28 views

Design/Logic Flaw

Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service...

4CVSS6.7AI score0.00595EPSS
Exploits0References1Affected Software64
Prion
Prion
added 2023/01/11 8:15 a.m.30 views

Integer overflow

Failure to validate the integer operand in ASP AMD Secure Processor bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service...

1.7CVSS5.7AI score0.00212EPSS
Exploits0References1
Prion
Prion
added 2023/01/11 8:15 a.m.19 views

Design/Logic Flaw

Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service...

4CVSS6.6AI score0.00595EPSS
Exploits0References1Affected Software50
Rows per page
Query Builder