多款AMD产品 安全漏洞

The AMD System Management Unit SMU and AMD Secure Processor ASP are both products of UltraMicroelectronics AMD, Inc.The AMD System Management Unit is a system management unit.The AMD Secure Processor is a standalone AMD Secure Processor is a standalone ARM Coretex-A5 chip. A security vulnerabilit...

AMD Secure Processor 缓冲区错误漏洞

AMD Secure Processor ASP is a standalone ARM Coretex-A5 chip from UltraMicroelectronics AMD. AMD Secure Processor ASP suffers from a buffer error vulnerability that stems from insufficient input validation in the SVCECCPRIMITIVE system call. An attacker could exploit this vulnerability to corrupt...

AMD Secure Processor(ASP) 输入验证错误漏洞

AMD Secure Processor ASP is a standalone ARM Coretex-A5 chip from UltraMicroelectronics AMD. AMD Secure Processor ASP suffers from a security vulnerability that stems from incorrect system call input validation in the Bootloader, which could allow a privileged attacker to read memory out of bound...

AMD Secure Processor 缓冲区错误漏洞

AMD Secure Processor ASP is a standalone ARM Coretex-A5 chip from UltraMicroelectronics AMD. ASP AMD Secure Processor suffers from a buffer error vulnerability that stems from insufficient input validation in the SYSKEYDERIVE system call. An attacker could exploit this vulnerability to corrupt th...

AMD Secure Processor (ASP) 输入验证错误漏洞

AMD Secure Processor ASP is a standalone ARM Coretex-A5 chip from UltraMicroelectronics AMD. A security vulnerability exists in AMD Secure Processor ASP that stems from insufficient validation of input. An attacker could exploit the vulnerability to gain write access to memory, resulting in loss ...

AMD Secure Processor(ASP) 安全漏洞

AMD Secure Processor ASP is a standalone ARM Coretex-A5 chip from UltraMicroelectronics AMD. AMD Secure Processor ASP suffers from a security vulnerability that stems from the fact that TOCTOU may allow a physical attacker to write outside of buffer boundaries, which could result in loss of...

AMD Secure Processor(ASP) 输入验证错误漏洞

AMD Secure Processor ASP is a standalone ARM Coretex-A5 chip from UltraMicroelectronics AMD. AMD Secure Processor ASP suffers from a security vulnerability that stems from inadequate input validation and could allow an attacker with a malicious BIOS to potentially cause a denial of service...

AMD Secure Processor 安全特征问题漏洞

AMD Secure Processor ASP is a standalone ARM Coretex-A5 chip from UltraMicroelectronics AMD. A security vulnerability exists in AMD Secure Processor ASP, AMD System Management Unit SMU, and AMD Secure Encrypted Virtualization SEV. An attacker could exploit this vulnerability to cause an informati...

CVE-2021-46779

CVE-2021-46779 is an AMD Secure Processor (ASP) vulnerability: insufficient input validation in the SVC_ECC_PRIMITIVE system call could allow a compromised user application or ABL to corrupt ASP OS memory, risking loss of integrity and availability. Connected sources confirm the issue and link to...

CVE-2021-26402

Insufficient bounds checking in ASP AMD Secure Processor firmware while handling BIOS mailbox commands, may allow an attacker to write partially-controlled data out-of-bounds to SMM or SEV-ES regions which may lead to a potential loss of integrity and availability...

CVE-2021-26398

CVE-2021-26398 affects the AMD Secure Processor (ASP) via insufficient input validation in SYS_KEY_DERIVE. A compromised user application or ABL may corrupt ASP OS memory, potentially enabling arbitrary code execution. Public details identify the vulnerability and associated risk to ASP/firmware,...

CVE-2021-26396

Insufficient validation of address mapping to IO in ASP AMD Secure Processor may result in a loss of memory integrity in the SNP guest...

CVE-2021-26396

The CVE-2021-26396 issue affects the AMD Secure Processor (ASP) where insufficient validation of address mapping to IO can lead to loss of memory integrity in the SNP guest. The entry is supported by multiple sources (NVD/NCSC AMD SB) detailing the vulnerability and its scope across AMD EPYC gene...

CVE-2021-26346

Failure to validate the integer operand in ASP AMD Secure Processor bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service...

AMD Client Vulnerabilities – January 2023

Bulletin ID: AMD-SB-1031 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary In collaboration with various third parties, AMD platforms were audited for potential security exposures. Potential vulnerabilities in AMD Secure Processor ASP,...

PT-2023-1412 · Amd · Amd Secure Processor

Name of the Vulnerable Software and Affected Versions: AMD Secure Processor ASP affected versions not specified Description: The issue is related to insufficient input validation in the SYS KEY DERIVE system call, which can be exploited by an attacker to corrupt AMD Secure Processor ASP OS memory...

PT-2023-1403 · Amd · Amd Secure Processor

Name of the Vulnerable Software and Affected Versions: AMD Secure Processor ASP affected versions not specified Description: The issue is related to insufficient input validation in the ASP, which may allow an attacker with physical access to gain unauthorized write access to memory. This could...

PT-2023-1482 · Amd · Amd System Management Unit +1

Name of the Vulnerable Software and Affected Versions: AMD Secure Processor ASP and System Management Unit SMU affected versions not specified Description: The issue is related to the software interfaces of ASP and SMU, which may not properly enforce the SNP memory security policy. This could lea...

PT-2023-1483 · Amd · Amd Secure Processor

Name of the Vulnerable Software and Affected Versions: AMD Secure Processor ASP affected versions not specified Description: The issue is related to a Time-of-Check-to-Time-of-Use TOCTOU vulnerability in the ASP, which may allow a physical attacker to write beyond buffer bounds. This could...

PT-2023-12087 · Amd · Amd Secure Processor

Name of the Vulnerable Software and Affected Versions: AMD Secure Processor affected versions not specified Description: The issue is related to the failure to validate the integer operand in the ASP bootloader, which may allow an attacker to introduce an integer overflow in the L2 directory tabl...