CVE-2021-26312

Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity.

CVE-2020-12946

Insufficient input validation in ASP firmware for discrete TPM commands could allow a potential loss of integrity and denial of service.

CVE-2021-26338

Improper access controls in System Management Unit (SMU) may allow for an attacker to override performance control tables located in DRAM resulting in a potential lack of system resources.

CVE-2020-12944

Insufficient validation of BIOS image length by ASP Firmware could lead to arbitrary code execution.

CVE-2021-26329

AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources.

CVE-2021-26320

Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP

CVE-2021-26322

Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”.

CVE-2021-26321

Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP.