CVE-2021-26386

A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution.

CVE-2021-26317

Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution.

CVE-2020-12965

When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage.

CVE-2021-46765

Insufficient input validation in ASP may allowan attacker with a compromised SMM to induce out-of-bounds memory reads withinthe ASP, potentially leading to a denial of service.

CVE-2021-46794

Insufficient bounds checking in ASP (AMD SecureProcessor) may allow for an out of bounds read in SMI (System ManagementInterface) mailbox checksum calculation triggering a data abort, resulting in apotential denial of service.

CVE-2021-46755

Failure to unmap certain SysHub mappings inerror paths of the ASP (AMD Secure Processor) bootloader may allow an attackerwith a malicious bootloader to exhaust the SysHub resources resulting in apotential denial of service.

CVE-2021-46749

Insufficient bounds checking in ASP (AMD SecureProcessor) may allow for an out of bounds read in SMI (System ManagementInterface) mailbox checksum calculation triggering a data abort, resulting in apotential denial of service.