6 results (0.009 seconds)

CVSS: 5.7EPSS: 0%CPEs: 20EXPL: 0

Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 3.9EPSS: 0%CPEs: 14EXPL: 0

Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in memory corruption or denial of service. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVSS: 7.2EPSS: 0%CPEs: 15EXPL: 0

An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BIOS image, and the ability to sign the resulting image, to potentially modify the APCB block resulting in arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html •

CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0

Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution. A flaw was found in hw. Improper validation in a model-specific register (MSR) could allow a malicious program with ring0 access to modify the SMM configuration while the SMI lock is enabled. This issue can lead to arbitrary code execution. • https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html https://access.redhat.com/security/cve/CVE-2023-31315 https://bugzilla.redhat.com/show_bug.cgi?id=2279283 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.2EPSS: 0%CPEs: 24EXPL: 0

A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections. Una posible debilidad en las funciones de protección AMD SPI puede permitir que un atacante malicioso con acceso Ring0 (modo kernel) evite las protecciones ROM nativas del modo de administración del sistema (SMM). • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1041.html • CWE-284: Improper Access Control •