Amd Security Vulnerabilities
Insufficient validation in parsing Owner'sCertificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization)and SEV-ES user application can lead to a host crash potentially resulting indenial of service.
7.5CVSS
8.4AI Score
0.001EPSS
A randomly generated Initialization Vector (IV) may lead to a collision of IVs with the same key potentially resulting in information disclosure.
5.5CVSS
6AI Score
0.0004EPSS
Insufficient validation of elliptic curve points in SEV-legacy firmware may compromise SEV-legacy guest migration potentially resulting in loss of guest's integrity or confidentiality.
7.1CVSS
7.1AI Score
0.0004EPSS
Insufficient bounds checking in SEV-ES may allow an attacker to corrupt Reverse Map table (RMP) memory, potentially resulting in a loss of SNP (Secure Nested Paging) memory integrity.
7.8CVSS
7.7AI Score
0.0004EPSS
On Xilinx Zynq-7000 SoC devices, physical modification of an SD boot image allows for a buffer overflow attack in the ROM. Because the Zynq-7000's boot image header is unencrypted and unauthenticated before use, an attacker can modify the boot header stored on an SD card so that a secure image appe...
6.8CVSS
6.8AI Score
0.001EPSS
An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time.
6.5CVSS
6.3AI Score
0.0004EPSS
Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service.
5.5CVSS
5.9AI Score
0.0004EPSS
Insufficient bounds checking in ASP (AMD SecureProcessor) may allow for an out of bounds read in SMI (System ManagementInterface) mailbox checksum calculation triggering a data abort, resulting in apotential denial of service.
7.5CVSS
7.8AI Score
0.001EPSS
Failure to validate the length fields of the ASP(AMD Secure Processor) sensor fusion hub headers may allow an attacker with amalicious Uapp or ABL to map the ASP sensor fusion hub region and overwritedata structures leading to a potential loss of confidentiality and integrity.
9.1CVSS
9.1AI Score
0.001EPSS
Insufficient input validation in the ASP (AMDSecure Processor) bootloader may allow an attacker with a compromised Uapp orABL to coerce the bootloader into exposing sensitive information to the SMU(System Management Unit) resulting in a potential loss of confidentiality andintegrity.
9.1CVSS
9.1AI Score
0.002EPSS
Failure to unmap certain SysHub mappings inerror paths of the ASP (AMD Secure Processor) bootloader may allow an attackerwith a malicious bootloader to exhaust the SysHub resources resulting in apotential denial of service.
7.5CVSS
8.3AI Score
0.001EPSS
Insufficient validation of inputs inSVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow anattacker with a malicious Uapp or ABL to send malformed or invalid syscall tothe bootloader resulting in a potential denial of service and loss ofintegrity.
9.1CVSS
9.1AI Score
0.001EPSS
Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity.
6.1CVSS
6.6AI Score
0.0004EPSS
Improper syscall input validation in AMD TEE(Trusted Execution Environment) may allow an attacker with physical access andcontrol of a Uapp that runs under the bootloader to reveal the contents of theASP (AMD Secure Processor) bootloader accessible memory to a serial port,resulting in a potential l...
6.1CVSS
6.6AI Score
0.001EPSS
A malicious or compromised UApp or ABL can senda malformed system call to the bootloader, which may result in an out-of-boundsmemory access that may potentially lead to an attacker leaking sensitiveinformation or achieving code execution.
9.8CVSS
9.4AI Score
0.003EPSS
Insufficient input validation in the SMU mayallow an attacker to corrupt SMU SRAM potentially leading to a loss ofintegrity or denial of service.
9.1CVSS
6.4AI Score
0.001EPSS
Insufficient input validation in the SMU mayenable a privileged attacker to write beyond the intended bounds of a sharedmemory buffer potentially leading to a loss of integrity.
7.5CVSS
7.9AI Score
0.001EPSS
Improper validation of DRAM addresses in SMU mayallow an attacker to overwrite sensitive memory locations within the ASPpotentially resulting in a denial of service.
7.5CVSS
7.8AI Score
0.001EPSS
Insufficient input validation in ASP may allowan attacker with a compromised SMM to induce out-of-bounds memory reads withinthe ASP, potentially leading to a denial of service.
7.5CVSS
7.7AI Score
0.001EPSS
Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.
5.5CVSS
6.1AI Score
0.0004EPSS
Insufficient input validation in the ASP may allow an attacker with physical access, unauthorized write access to memory potentially leading to a loss of integrity or denial of service.
6.1CVSS
6.5AI Score
0.001EPSS
Insufficient input validation in SEV firmware may allow an attacker to perform out-of-bounds memory reads within the ASP boot loader, potentially leading to a denial of service.
5.5CVSS
6AI Score
0.0004EPSS
Insufficient syscall input validation in the ASPBootloader may allow a privileged attacker to execute arbitrary DMA copies,which can lead to code execution.
8.8CVSS
9.1AI Score
0.001EPSS
Insufficient validation of addresses in AMD Secure Processor (ASP) firmware system call may potentially lead to arbitrary code execution by a compromised user application.
7.8CVSS
7.8AI Score
0.0004EPSS
Insufficient input validation in ABL may enablea privileged attacker to corrupt ASP memory, potentially resulting in a loss ofintegrity or code execution.
8.8CVSS
8.8AI Score
0.001EPSS
Insufficient DRAM address validation in SystemManagement Unit (SMU) may allow an attacker to read/write from/to an invalidDRAM address, potentially resulting in denial-of-service.
7.5CVSS
7.8AI Score
0.001EPSS
Improper input validation in ABL may enable anattacker with physical access, to perform arbitrary memory overwrites,potentially leading to a loss of integrity and code execution.
6.8CVSS
7.2AI Score
0.001EPSS
Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive inform...
5.6CVSS
5.7AI Score
0.0004EPSS
Insufficient input validation in SVC_ECC_PRIMITIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential loss of integrity and availability.
7.1CVSS
7.2AI Score
0.0004EPSS
Insufficient input validation during parsing of the System Management Mode (SMM) binary may allow a maliciously crafted SMM executable binary to corrupt Dynamic Root of Trust for Measurement (DRTM) user application memory that may result in a potential denial of service.
5.5CVSS
6.1AI Score
0.0004EPSS
Time-of-check Time-of-use (TOCTOU) in theBIOS2PSP command may allow an attacker with a malicious BIOS to create a racecondition causing the ASP bootloader to perform out-of-bounds SRAM reads uponan S3 resume event potentially leading to a denial of service.
5.9CVSS
6.5AI Score
0.001EPSS
Insufficient bounds checking in ASP (AMD SecureProcessor) may allow for an out of bounds read in SMI (System ManagementInterface) mailbox checksum calculation triggering a data abort, resulting in apotential denial of service.
7.5CVSS
7.8AI Score
0.001EPSS
A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of service.
4.7CVSS
5.4AI Score
0.0004EPSS
The software interfaces to ASP and SMU may not enforce the SNP memory security policy resulting in a potential loss of integrity of guest memory in a confidential compute environment.
5.3CVSS
6AI Score
0.001EPSS
Failure to validate addresses provided by software to BIOS commands may result in a potential loss of integrity of guest memory in a confidential compute environment.
5.3CVSS
6.1AI Score
0.001EPSS
Insufficient input validation on the modelspecific register: VM_HSAVE_PA may potentially lead to loss of SEV-SNP guestmemory integrity.
7.5CVSS
7.9AI Score
0.001EPSS
Failure to validate the AMD SMM communication buffermay allow an attacker to corrupt the SMRAM potentially leading to arbitrarycode execution.
9.8CVSS
8.5AI Score
0.013EPSS
Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.
9.8CVSS
9.5AI Score
0.001EPSS
A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure.
6.5CVSS
6AI Score
0.001EPSS
IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.
5.5CVSS
5.6AI Score
0.001EPSS
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
6.5CVSS
6.8AI Score
0.0005EPSS
SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.
5.3CVSS
6.3AI Score
0.0005EPSS
Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service.
7.5CVSS
7.4AI Score
0.001EPSS
When SMT is enabled, certain AMD processors may speculatively execute instructions using a targetfrom the sibling thread after an SMT mode switch potentially resulting in information disclosure.
4.7CVSS
6.2AI Score
0.0004EPSS
Insufficient access controls in the AMD Link Android app may potentially result in information disclosure.
7.5CVSS
7.1AI Score
0.002EPSS
Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service.
7.5CVSS
7.4AI Score
0.001EPSS
Failure to validate privileges during installation of AMD Ryzen™ Master may allow an attacker with lowprivileges to modify files potentially leading to privilege escalation and code execution by the lowerprivileged user.
7.8CVSS
8AI Score
0.0004EPSS
Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses. Fixed in: INTEL Purley-R: 05.21.51.0048...
8.8CVSS
8.6AI Score
0.0004EPSS
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
6.5CVSS
7.3AI Score
0.001EPSS
A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.
3.3CVSS
6.2AI Score
0.0004EPSS