Lucene search
K
AmdAmd 3015e Firmware

8 matches found

CVE
CVE
added 2023/11/14 6:52 p.m.90 views

CVE-2023-20521

CVE-2023-20521 describes a TOCTOU flaw in the AMD ASP Bootloader that could let an attacker with physical access tamper SPI ROM records after memory verification, risking confidentiality loss and potential DoS. Connected sources (SUSE kernel-firmware updates and AMD/SUSe advisories) confirm this ...

5.7CVSS6.1AI score0.00257EPSS
CVE
CVE
added 2022/11/09 8:44 p.m.88 views

CVE-2020-12930

CVE-2020-12930 is an AMD ASP/PSP driver vulnerability described as improper parameter handling that could allow a privileged attacker to elevate privileges, potentially compromising integrity. The AMD security bulletin AMD-SB-5001 maps this CVE to various AMD Embedded/ Ryzen platforms and provide...

7.8CVSS7.5AI score0.00251EPSS
CVE
CVE
added 2022/11/09 8:44 p.m.88 views

CVE-2021-26393

CVE-2021-26393 describes insufficient memory cleanup in the AMD Secure Processor (ASP) TEE, which could allow an authenticated user with privileges to generate a valid signed TA and potentially poison process memory, leading to confidentiality loss. The connected AMD security bulletin (AMD-SB-500...

5.5CVSS6.2AI score0.00247EPSS
CVE
CVE
added 2023/05/09 6:59 p.m.83 views

CVE-2021-26371

The CVE-2021-26371 entry concerns AMD Secure Processor (ASP)/AMD System Management Unit (SMU) where a compromised ABL or UApp could trigger a SHA256 system call to the bootloader, potentially exposing ASP memory to userspace and causing information disclosure. Technical details from connected sou...

5.5CVSS7.1AI score0.00189EPSS
CVE
CVE
added 2022/11/09 8:44 p.m.82 views

CVE-2020-12931

The CVE-2020-12931 issue affects the AMD Secure Processor (ASP) kernel, caused by improper parameter handling, enabling a privileged attacker to elevate privileges and potentially compromise integrity. AMD’s AMD-SB-5001 bulletin maps this vulnerability across ASP/PSP components (ASP kernel) and p...

7.8CVSS7.3AI score0.00251EPSS
CVE
CVE
added 2023/05/09 6:58 p.m.82 views

CVE-2021-26354

CVE-2021-26354 affects AMD’s ASP/Bootloader pathway (ASP/ABL) with Insufficient bounds checking that may allow a system call from a compromised ABL, initializing arbitrary memory to zero and potentially compromising integrity. The vulnerability is documented across multiple sources (NVD entry and...

5.5CVSS7.2AI score0.00178EPSS
CVE
CVE
added 2022/11/09 8:44 p.m.78 views

CVE-2021-26392

CVE-2021-26392 involves insufficient verification of a missing size check in LoadModule, leading to an out-of-bounds write that could enable code execution in the OS/kernel via loading a malicious TA. AMD’s related bulletin (AMD-SB-5001) labels this CVE as Medium and provides mitigations through ...

7.8CVSS8.1AI score0.0026EPSS
CVE
CVE
added 2023/05/09 6:58 p.m.71 views

CVE-2021-26365

CVE-2021-26365 concerns AMD Secure Processor (ASP) and AMD System Management Unit (SMU) firmware where certain size values in firmware binary headers can cause out-of-bounds reads during signature validation, potentially enabling denial of service or leakage of memory contents. Public references ...

8.2CVSS8.7AI score0.00571EPSS