Ryzen 3 5300U Firmware Security Vulnerabilities - CVSS Score 5 - 6
Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.
5.5CVSS
6AI Score
0.0004EPSS
Insufficient bounds checking in ASP may allow anattacker to issue a system call from a compromised ABL which may causearbitrary memory values to be initialized to zero, potentially leading to aloss of integrity.
5.5CVSS
7.2AI Score
0.0004EPSS
Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service.
5.5CVSS
5.8AI Score
0.0004EPSS
Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confiden...
5.5CVSS
6.2AI Score
0.0004EPSS
Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive inform...
5.6CVSS
5.7AI Score
0.0004EPSS
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
5.5CVSS
6.9AI Score
0.001EPSS