PT-2023-1408 · Amd · Amd Secure Processor

Name of the Vulnerable Software and Affected Versions: AMD Secure Processor affected versions not specified Description: The issue is related to insufficient validation of address mapping to IO in the AMD Secure Processor, which may result in a loss of memory integrity in the SNP guest. This coul...

PT-2023-12585 · Amd · Amd Secure Processor

Name of the Vulnerable Software and Affected Versions: AMD Secure Processor affected versions not specified Description: The issue is related to insufficient input validation in the SVC ECC PRIMITIVE system call. This can be exploited by an attacker in a compromised user application or ABL to...

AMD Client Vulnerabilities – January 2023

Bulletin ID: AMD-SB-1031 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary In collaboration with various third parties, AMD platforms were audited for potential security exposures. Potential vulnerabilities in AMD Secure Processor ASP,...

PT-2023-1488 · Amd · Amd System Management Unit +2

Name of the Vulnerable Software and Affected Versions: AMD Secure Processor ASP affected versions not specified AMD System Management Unit SMU affected versions not specified AMD Secure Encrypted Virtualization SEV affected versions not specified Description: The issue is related to errors in...

AMD Server Vulnerabilities – January 2023

Bulletin ID: AMD-SB-1032 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Secure Processor ASP, AMD System Management Un...

CVE-2021-26393

Insufficient memory cleanup in the AMD Secure Processor ASP Trusted Execution Environment TEE may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of...

CVE-2021-26393

Insufficient memory cleanup in the AMD Secure Processor ASP Trusted Execution Environment TEE may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of...

CVE-2021-26360

An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP...

CVE-2020-12931

Improper parameters handling in the AMD Secure Processor ASP kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity...

CVE-2020-12931

Improper parameters handling in the AMD Secure Processor ASP kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity...

CVE-2021-26360

An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP...

CVE-2020-12930

Improper parameters handling in AMD Secure Processor ASP drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity...

CVE-2020-12930

Improper parameters handling in AMD Secure Processor ASP drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity...

Input validation

Improper parameters handling in the AMD Secure Processor ASP kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity...

Design/Logic Flaw

An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP...

Design/Logic Flaw

Insufficient memory cleanup in the AMD Secure Processor ASP Trusted Execution Environment TEE may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of...

Input validation

Improper parameters handling in AMD Secure Processor ASP drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity...

CVE-2021-26360

An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP...

CVE-2021-26360

CVE-2021-26360 describes a local-attack vulnerability in the AMD Secure Processor (ASP) where an attacker with local access can modify the security configuration of the SOC registers, potentially corrupting the ASP’s encrypted memory and enabling arbitrary code execution in the ASP environment. T...

CVE-2021-26360

An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP...