Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Ryzen 3900 Firmware Security Vulnerabilities - 2023

cve
cve

CVE-2021-46749

Insufficient bounds checking in ASP (AMD SecureProcessor) may allow for an out of bounds read in SMI (System ManagementInterface) mailbox checksum calculation triggering a data abort, resulting in apotential denial of service.

7.5CVSS

7.8AI Score

0.001EPSS

2023-05-09 07:15 PM
25
cve
cve

CVE-2021-46753

Failure to validate the length fields of the ASP(AMD Secure Processor) sensor fusion hub headers may allow an attacker with amalicious Uapp or ABL to map the ASP sensor fusion hub region and overwritedata structures leading to a potential loss of confidentiality and integrity.

9.1CVSS

9.1AI Score

0.001EPSS

2023-05-09 07:15 PM
24
cve
cve

CVE-2021-46754

Insufficient input validation in the ASP (AMDSecure Processor) bootloader may allow an attacker with a compromised Uapp orABL to coerce the bootloader into exposing sensitive information to the SMU(System Management Unit) resulting in a potential loss of confidentiality andintegrity.

9.1CVSS

9.1AI Score

0.002EPSS

2023-05-09 08:15 PM
33
cve
cve

CVE-2021-46755

Failure to unmap certain SysHub mappings inerror paths of the ASP (AMD Secure Processor) bootloader may allow an attackerwith a malicious bootloader to exhaust the SysHub resources resulting in apotential denial of service.

7.5CVSS

8.3AI Score

0.001EPSS

2023-05-09 08:15 PM
20
cve
cve

CVE-2021-46759

Improper syscall input validation in AMD TEE(Trusted Execution Environment) may allow an attacker with physical access andcontrol of a Uapp that runs under the bootloader to reveal the contents of theASP (AMD Secure Processor) bootloader accessible memory to a serial port,resulting in a potential l...

6.1CVSS

6.6AI Score

0.001EPSS

2023-05-09 08:15 PM
25
cve
cve

CVE-2021-46765

Insufficient input validation in ASP may allowan attacker with a compromised SMM to induce out-of-bounds memory reads withinthe ASP, potentially leading to a denial of service.

7.5CVSS

7.7AI Score

0.001EPSS

2023-05-09 08:15 PM
30
cve
cve

CVE-2021-46773

Insufficient input validation in ABL may enablea privileged attacker to corrupt ASP memory, potentially resulting in a loss ofintegrity or code execution.

8.8CVSS

8.8AI Score

0.001EPSS

2023-05-09 08:15 PM
21
cve
cve

CVE-2021-46792

Time-of-check Time-of-use (TOCTOU) in theBIOS2PSP command may allow an attacker with a malicious BIOS to create a racecondition causing the ASP bootloader to perform out-of-bounds SRAM reads uponan S3 resume event potentially leading to a denial of service.

5.9CVSS

6.5AI Score

0.001EPSS

2023-05-09 08:15 PM
27
cve
cve

CVE-2021-46794

Insufficient bounds checking in ASP (AMD SecureProcessor) may allow for an out of bounds read in SMI (System ManagementInterface) mailbox checksum calculation triggering a data abort, resulting in apotential denial of service.

7.5CVSS

7.8AI Score

0.001EPSS

2023-05-09 08:15 PM
22
cve
cve

CVE-2023-20594

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.

4.4CVSS

4.5AI Score

0.0004EPSS

2023-09-20 06:15 PM
28
cve
cve

CVE-2023-20597

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.

5.5CVSS

5AI Score

0.0004EPSS

2023-09-20 06:15 PM
26