10 matches found
CVE-2023-20597
CVE-2023-20597 concerns improper initialization of variables in the AMD DXE driver, leading to potential local-information disclosure. The vulnerability is discussed across multiple sources (AMD/SB-4007 and related advisories), which describe memory-leak risks in the DXE driver and note mitigatio...
CVE-2021-46754
CVE-2021-46754: Insufficient input validation in the ASP bootloader can allow a compromised UApp/ABL to expose sensitive information to the SMU, risking confidentiality and integrity. AMD-SB-5001 lists this CVE with Medium severity and provides firmware-based mitigations via Platform Initializati...
CVE-2021-46753
CVE-2021-46753 affects the AMD Secure Processor (ASP) sensor fusion hub headers. The issue is described as failure to validate the length fields of these headers, which could allow a malicious UApp or ABL to map the ASP sensor fusion hub region and overwrite data structures, potentially compromis...
CVE-2023-20594
CVE-2023-20594 concerns the AMD DXE driver. The root cause is improper initialization of variables in the DXE driver, which may allow a privileged local user to leak sensitive information. Impact is information disclosure with local access; attack vector is local. The vulnerability affects AMD DX...
CVE-2021-46765
CVE-2021-46765 describes an vulnerability in the AMD Secure Processor (ASP) and AMD System Management Unit (SMU), caused by insufficient input validation in the ASP. The issue can permit an attacker with a compromised SMM to induce out-of-bounds memory reads within the ASP, potentially leading to...
CVE-2021-46794
CVE-2021-46794 refers to an insufficient bounds check in the AMD Secure Processor (ASP) that may allow an out-of-bounds read in the System Management Interface (SMI) mailbox checksum calculation, triggering a data abort and potentially causing denial of service. Connected documents corroborate th...
CVE-2021-46759
Consolidated details for CVE-2021-46759 show an improper syscall input validation in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE). Attack requires physical access and control of a UApp running under the bootloader to read ASP bootloader memory via a serial port, potentially ...
CVE-2021-46792
The CVE-2021-46792 entry refers to TOCTOU in the BIOS2PSP command within AMD’s AMD Secure Processor (ASP) and related ASP bootloader logic. The described impact is a race that can cause the ASP bootloader to perform out-of-bounds SRAM reads during S3 resume, potentially yielding a denial of servi...
CVE-2021-46749
CVE-2021-46749 corresponds to an out-of-bounds read vulnerability in the AMD Secure Processor (ASP) affecting the System Management Interface (SMI) mailbox checksum calculation, caused by insufficient bounds checking. The vulnerability can trigger a data abort and potentially lead to a denial of ...
CVE-2021-46773
CVE-2021-46773 involves insufficient input validation in the AMD bootloader (ABL) that may allow a privileged attacker to corrupt the AMD Secure Processor (ASP) memory, potentially resulting in loss of integrity or code execution. The connected documents provide concrete details: the vulnerabilit...