38 matches found
CVE-2025-48515
Insufficient parameter sanitization in AMD Secure Processor ASP Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code execution...
PT-2026-7464
Name of the Vulnerable Software and Affected Versions AMD Secure Processor ASP Boot Loader affected versions not specified Description A flaw exists in the AMD Secure Processor ASP Boot Loader where insufficient parameter sanitization could allow an attacker with access to SPIROM upgrade to...
EUVD-2020-5241
Malware in sbrugna...
EUVD-2020-5234
Malware in sbrugna...
EUVD-2021-13162
Malware in sbrugna...
EUVD-2023-24700
Malicious code in bioql PyPI...
CVE-2021-46772
Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in memory corruption or denial of service...
CVE-2021-46772
Summary: CVE-2021-46772 describes insufficient input validation in the ABL that may allow a privileged attacker with BIOS/UEFI access to tamper with SPI ROM headers, causing out-of-bounds reads/writes and memory corruption or DoS. The Connected documents provide concrete mitigation details from A...
CVE-2021-46772
Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in memory corruption or denial of service...
AMD Secure Processor和AMD Secure Encrypted Virtualization 安全漏洞
AMD Secure Encrypted Virtualization and AMD Secure Processor ASP are both products of Ultraviolet Semiconductor AMD, Inc.AMD Secure Encrypted Virtualization is a software application. Hardware-accelerated memory encryption to protect data in use.AMD Secure Processor is a standalone ARM Coretex-A5...
CVE-2022-23821
Improper access control in System Management Mode SMM may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution...
CVE-2022-23821
Improper access control in System Management Mode SMM may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution...
Denial of service
TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service...
Improper access control
Improper access control in System Management Mode SMM may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution...
CVE-2022-23821
Improper access control in System Management Mode SMM may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution...
CVE-2022-23821
CVE-2022-23821 describes an improper access control in AMD System Management Mode (SMM) that could allow an attacker to write to SPI ROM and potentially achieve arbitrary code execution. Connected sources indicate this affects AMD ASP/SMM components and is mitigated by Platform Initialization (PI...
CVE-2022-23821
Improper access control in System Management Mode SMM may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution...
CVE-2023-20521
CVE-2023-20521 describes a TOCTOU flaw in the AMD ASP Bootloader that could let an attacker with physical access tamper SPI ROM records after memory verification, risking confidentiality loss and potential DoS. Connected sources (SUSE kernel-firmware updates and AMD/SUSe advisories) confirm this ...
CVE-2023-20521
TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service...
CVE-2023-20521
TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service...