CVSS: 4.6EPSS: 0%CPEs: 146EXPL: 0CVE-2023-20526
https://notcve.org/view.php?id=CVE-2023-20526
Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality. Una validación de entrada insuficiente en el ASP Bootloader puede permitir que un atacante privilegiado con acceso físico exponga el contenido de la memoria ASP, lo que podría provocar una pérdida de confidencialidad. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001 •
CVSS: 5.7EPSS: 0%CPEs: 186EXPL: 0CVE-2023-20521
https://notcve.org/view.php?id=CVE-2023-20521
TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service. TOCTOU en el ASP Bootloader puede permitir que un atacante con acceso físico altere los registros ROM SPI después de la verificación del contenido de la memoria, lo que podría provocar una pérdida de confidencialidad o una denegación de servicio. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.5EPSS: 0%CPEs: 274EXPL: 0CVE-2021-46774
https://notcve.org/view.php?id=CVE-2021-46774
Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service. Una validación de dirección DRAM insuficiente en System Management Unit (SMU) puede permitir que un atacante lea/escriba desde/hacia una dirección DRAM no válida, lo que podría provocar una denegación de servicio. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001 •
CVSS: 5.5EPSS: 0%CPEs: 256EXPL: 0CVE-2021-26371
https://notcve.org/view.php?id=CVE-2021-26371
A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001 https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 •
CVSS: 7.4EPSS: 0%CPEs: 196EXPL: 0CVE-2021-26356
https://notcve.org/view.php?id=CVE-2021-26356
A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001 https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •