1778 matches found
Input validation
Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity...
Input validation
Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality...
Input validation
Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality...
CVE-2021-46758
Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity...
CVE-2021-46758
CVE-2021-46758 involves insufficient validation of SPI flash addresses in the AMD Secure Processor (ASP) bootloader. The issue may allow an attacker to read data mapped beyond SPI flash, potentially impacting availability and integrity. Related documents confirm the vulnerability in ASP bootloade...
CVE-2023-20526
Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality...
CVE-2023-20526
CVE-2023-20526 affects the AMD ASP Bootloader (ASP) within AMD EPYC Embedded platforms. The issue is insufficient input validation in the ASP Bootloader, which could allow a privileged attacker with physical access to expose ASP memory contents and potentially breach confidentiality. Industry adv...
CVE-2023-20521
CVE-2023-20521 describes a TOCTOU flaw in the AMD ASP Bootloader that could let an attacker with physical access tamper with SPI ROM records after memory verification, risking confidentiality loss and potential DoS. Connected sources (SUSE kernel-firmware updates and AMD/SUSE advisories) confirm this ...
CVE-2023-20521
TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service...
CVE-2021-46766
Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality...
CVE-2021-46766
CVE-2021-46766 is reported as a vulnerability in AMD ASP/ASP Bootloader where improper clearing of sensitive data may expose secret keys to a privileged attacker with access to ASP SRAM, potentially compromising confidentiality. Concrete technical context appears in accompanying advisories: AMD’s...
AMD Secure Processor Security Vulnerability
AMD Secure Processor (ASP) is a standalone ARM Cortex-A5 chip from AMD. A security vulnerability exists in AMD Secure Processor, which stems from the fact that insufficient validation of the SPI flash address in the bootloader could allow an attacker to read data mapped to memory other than the SP...
AMD EPYC Security Vulnerability
AMD EPYC is a line of x86 architecture server microprocessors from AMD, known in Chinese as "霄龙", which utilizes the Zen microarchitecture. A security vulnerability exists in AMD EPYC, which stems from a TOCTOU in the ASP bootloader that could allow an attacker with physical access to tamper with...
PT-2023-17451 · Unknown +1 · Asp Bootloader +1
Name of the Vulnerable Software and Affected Versions: ASP Bootloader affected versions not specified Description: The issue is related to insufficient input validation in the ASP Bootloader, which may allow a privileged attacker with physical access to expose the contents of ASP memory. This cou...
PT-2023-12580 · Unknown +1 · Asp Bootloader +1
Name of the Vulnerable Software and Affected Versions: ASP Bootloader affected versions not specified Description: The issue is related to the improper clearing of sensitive data in the ASP Bootloader, which may expose secret keys to a privileged attacker accessing ASP SRAM. This could potentiall...
PT-2023-8275 · Unknown +1 · Asp Bootloader +1
Name of the Vulnerable Software and Affected Versions: ASP Bootloader affected versions not specified Description: The issue is related to a Time-of-Check-to-Time-of-Use (TOCTOU) vulnerability in the ASP Bootloader, which may allow an attacker with physical access to tamper with SPI ROM records aft...
PT-2023-12572 · Amd · Amd Secure Processor
Name of the Vulnerable Software and Affected Versions: AMD Secure Processor affected versions not specified Description: The issue is related to insufficient validation of SPI flash addresses in the ASP bootloader, which may allow an attacker to read data in memory mapped beyond SPI flash. This...
OESA-2023-1801 shim security update
Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments. Security Fixes: A vulnerability classified as critical has been found in rhboot shim up to 15.7 on ARM. This affects the function mirror_one_esl of the file mok.c of the component mok...
Espressif Systems esptool Security Vulnerability
Espressif Systems esptool is a Python-based, open-source, platform-independent utility program from Espressif Systems that communicates with the ROM bootloader in the Espressif chip. A security vulnerability exists in Espressif Systems esptool version 4.6.2. An attacker could exploit this...
CVE-2023-3487
An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots...