7 matches found
CVE-2021-46754
CVE-2021-46754: Insufficient input validation in the ASP bootloader can allow a compromised UApp/ABL to expose sensitive information to the SMU, risking confidentiality and integrity. AMD-SB-5001 lists this CVE with Medium severity and provides firmware-based mitigations via Platform Initializati...
CVE-2021-46753
CVE-2021-46753 affects the AMD Secure Processor (ASP) sensor fusion hub headers. The issue is described as failure to validate the length fields of these headers, which could allow a malicious UApp or ABL to map the ASP sensor fusion hub region and overwrite data structures, potentially compromis...
CVE-2021-46794
CVE-2021-46794 refers to an insufficient bounds check in the AMD Secure Processor (ASP) that may allow an out-of-bounds read in the System Management Interface (SMI) mailbox checksum calculation, triggering a data abort and potentially causing denial of service. Connected documents corroborate th...
CVE-2021-46759
Consolidated details for CVE-2021-46759 show an improper syscall input validation in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE). Attack requires physical access and control of a UApp running under the bootloader to read ASP bootloader memory via a serial port, potentially ...
CVE-2021-46792
The CVE-2021-46792 entry refers to TOCTOU in the BIOS2PSP command within AMD’s AMD Secure Processor (ASP) and related ASP bootloader logic. The described impact is a race that can cause the ASP bootloader to perform out-of-bounds SRAM reads during S3 resume, potentially yielding a denial of servi...
CVE-2021-46749
CVE-2021-46749 corresponds to an out-of-bounds read vulnerability in the AMD Secure Processor (ASP) affecting the System Management Interface (SMI) mailbox checksum calculation, caused by insufficient bounds checking. The vulnerability can trigger a data abort and potentially lead to a denial of ...
CVE-2021-46773
CVE-2021-46773 involves insufficient input validation in the AMD bootloader (ABL) that may allow a privileged attacker to corrupt the AMD Secure Processor (ASP) memory, potentially resulting in loss of integrity or code execution. The connected documents provide concrete details: the vulnerabilit...