Ryzen 6600Hs Firmware Security Vulnerabilities - 2023

CVE-2021-46753

Failure to validate the length fields of the ASP(AMD Secure Processor) sensor fusion hub headers may allow an attacker with amalicious Uapp or ABL to map the ASP sensor fusion hub region and overwritedata structures leading to a potential loss of confidentiality and integrity.

CVE-2021-46765

Insufficient input validation in ASP may allowan attacker with a compromised SMM to induce out-of-bounds memory reads withinthe ASP, potentially leading to a denial of service.

CVE-2021-46773

Insufficient input validation in ABL may enablea privileged attacker to corrupt ASP memory, potentially resulting in a loss ofintegrity or code execution.

CVE-2023-20594

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.

CVE-2023-20597

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.