Ryzen 3 Pro 2100Ge Firmware Security Vulnerabilities - 2023

CVE-2021-26354

Insufficient bounds checking in ASP may allow anattacker to issue a system call from a compromised ABL which may causearbitrary memory values to be initialized to zero, potentially leading to aloss of integrity.

CVE-2021-26365

Certain size values in firmware binary headerscould trigger out of bounds reads during signature validation, leading todenial of service or potentially limited leakage of information aboutout-of-bounds memory contents.

CVE-2021-26371

A compromised or malicious ABL or UApp couldsend a SHA256 system call to the bootloader, which may result in exposure ofASP memory to userspace, potentially leading to information disclosure.