Filtered by vendor Amd
Subscribe
Total
252 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-46764 | 1 Amd | 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more | 2023-12-10 | N/A | 7.5 HIGH |
| Improper validation of DRAM addresses in SMU may allow an attacker to overwrite sensitive memory locations within the ASP potentially resulting in a denial of service. | |||||
| CVE-2021-46749 | 1 Amd | 112 Athlon Gold 3150g, Athlon Gold 3150g Firmware, Athlon Gold 3150ge and 109 more | 2023-12-10 | N/A | 7.5 HIGH |
| Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service. | |||||
| CVE-2023-20575 | 1 Amd | 176 Epyc 5552, Epyc 5552 Firmware, Epyc 7232p and 173 more | 2023-12-10 | N/A | 6.5 MEDIUM |
| A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information. | |||||
| CVE-2021-46763 | 1 Amd | 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more | 2023-12-10 | N/A | 7.5 HIGH |
| Insufficient input validation in the SMU may enable a privileged attacker to write beyond the intended bounds of a shared memory buffer potentially leading to a loss of integrity. | |||||
| CVE-2023-20520 | 1 Amd | 126 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 123 more | 2023-12-10 | N/A | 9.8 CRITICAL |
| Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution. | |||||
| CVE-2021-46755 | 1 Amd | 46 Ryzen 3100, Ryzen 3100 Firmware, Ryzen 3300x and 43 more | 2023-12-10 | N/A | 7.5 HIGH |
| Failure to unmap certain SysHub mappings in error paths of the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a potential denial of service. | |||||
| CVE-2021-46769 | 1 Amd | 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more | 2023-12-10 | N/A | 8.8 HIGH |
| Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to execute arbitrary DMA copies, which can lead to code execution. | |||||
| CVE-2023-20559 | 1 Amd | 178 Athlon Gold 3150u, Athlon Gold 3150u Firmware, Athlon Silver 3050u and 175 more | 2023-12-10 | N/A | 8.8 HIGH |
| Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges. | |||||
| CVE-2021-26365 | 1 Amd | 108 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 105 more | 2023-12-10 | N/A | 8.2 HIGH |
| Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory contents. | |||||
| CVE-2021-26379 | 1 Amd | 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more | 2023-12-10 | N/A | 9.8 CRITICAL |
| Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege escalation. | |||||
| CVE-2021-26397 | 1 Amd | 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more | 2023-12-10 | N/A | 7.1 HIGH |
| Insufficient address validation, may allow an attacker with a compromised ABL and UApp to corrupt sensitive memory locations potentially resulting in a loss of integrity or availability. | |||||
| CVE-2021-46765 | 1 Amd | 88 Ryzen 3100, Ryzen 3100 Firmware, Ryzen 3300x and 85 more | 2023-12-10 | N/A | 7.5 HIGH |
| Insufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-bounds memory reads within the ASP, potentially leading to a denial of service. | |||||
| CVE-2021-46775 | 1 Amd | 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more | 2023-12-10 | N/A | 6.8 MEDIUM |
| Improper input validation in ABL may enable an attacker with physical access, to perform arbitrary memory overwrites, potentially leading to a loss of integrity and code execution. | |||||
| CVE-2021-26354 | 1 Amd | 304 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 301 more | 2023-12-10 | N/A | 5.5 MEDIUM |
| Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity. | |||||
| CVE-2021-26371 | 1 Amd | 256 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 253 more | 2023-12-10 | N/A | 5.5 MEDIUM |
| A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure. | |||||
| CVE-2021-46753 | 1 Amd | 132 Athlon Gold 3150g, Athlon Gold 3150g Firmware, Athlon Gold 3150ge and 129 more | 2023-12-10 | N/A | 9.1 CRITICAL |
| Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and integrity. | |||||
| CVE-2021-46792 | 1 Amd | 110 Athlon Gold 3150g, Athlon Gold 3150g Firmware, Athlon Gold 3150ge and 107 more | 2023-12-10 | N/A | 5.9 MEDIUM |
| Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service. | |||||
| CVE-2021-46773 | 1 Amd | 126 Ryzen 1200 \(af\), Ryzen 1200 \(af\) Firmware, Ryzen 1600 \(af\) and 123 more | 2023-12-10 | N/A | 8.8 HIGH |
| Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code execution. | |||||
| CVE-2021-26402 | 1 Amd | 100 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 97 more | 2023-12-10 | N/A | 7.1 HIGH |
| Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox commands, may allow an attacker to write partially-controlled data out-of-bounds to SMM or SEV-ES regions which may lead to a potential loss of integrity and availability. | |||||
| CVE-2021-26398 | 1 Amd | 128 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 125 more | 2023-12-10 | N/A | 7.8 HIGH |
| Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution. | |||||