CVE-2021-26316

Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution.

CVE-2021-26370

Improper validation of destination address in SVC_LOAD_FW_IMAGE_BY_INSTANCE and SVC_LOAD_BINARY_BY_ATTRIB in a malicious UApp or ABL may allow an attacker to overwrite arbitrary bootloader memory with SPI ROM contents resulting in a loss of integrity and availability.

CVE-2021-26402

Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox commands, may allow an attacker to write partially-controlled data out-of-bounds to SMM or SEV-ES regions which may lead to a potential loss of integrity and availability.

CVE-2020-12946

Insufficient input validation in ASP firmware for discrete TPM commands could allow a potential loss of integrity and denial of service.

CVE-2021-26398

Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution.

CVE-2020-12988

A potential denial of service (DoS) vulnerability exists in the integrated chipset that may allow a malicious attacker to hang the system when it is rebooted.

CVE-2021-46774

Insufficient DRAM address validation in SystemManagement Unit (SMU) may allow an attacker to read/write from/to an invalidDRAM address, potentially resulting in denial-of-service.

CVE-2023-20533

Insufficient DRAM address validation in SystemManagement Unit (SMU) may allow an attacker to read/write from/to an invalidDRAM address, potentially resulting in denial-of-service.

CVE-2021-46763

Insufficient input validation in the SMU mayenable a privileged attacker to write beyond the intended bounds of a sharedmemory buffer potentially leading to a loss of integrity.

CVE-2021-26338

Improper access controls in System Management Unit (SMU) may allow for an attacker to override performance control tables located in DRAM resulting in a potential lack of system resources.

CVE-2023-20531

Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of service.

CVE-2021-26356

A TOCTOU in ASP bootloader may allow an attackerto tamper with the SPI ROM following data read to memory potentially resultingin S3 data corruption and information disclosure.

CVE-2021-46764

Improper validation of DRAM addresses in SMU mayallow an attacker to overwrite sensitive memory locations within the ASPpotentially resulting in a denial of service.

CVE-2021-26406

Insufficient validation in parsing Owner'sCertificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization)and SEV-ES user application can lead to a host crash potentially resulting indenial of service.

CVE-2023-20529

Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service.

CVE-2020-12944

Insufficient validation of BIOS image length by ASP Firmware could lead to arbitrary code execution.

CVE-2023-20524

An attacker with a compromised ASP couldpossibly send malformed commands to an ASP on another CPU, resulting in an outof bounds write, potentially leading to a loss a loss of integrity.

CVE-2021-26322

Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”.

CVE-2023-20578

A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allowan attacker with ring0 privileges and access to theBIOS menu or UEFI shell to modify the communications buffer potentiallyresulting in arbitrary code execution.