CVSS: 7.5EPSS: 0%CPEs: 114EXPL: 0CVE-2023-20578
https://notcve.org/view.php?id=CVE-2023-20578
13 Aug 2024 — A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution. A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html •
CVSS: 5.2EPSS: 0%CPEs: 7EXPL: 0CVE-2021-46746
https://notcve.org/view.php?id=CVE-2021-46746
13 Aug 2024 — Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing keys to c006Frrupt the return address, causing a stack-based buffer overrun, potentially leading to a denial of service. Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing keys to c006Frrupt the return address, causing a stack-based buffer overrun, po... • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 3.9EPSS: 0%CPEs: 7EXPL: 0CVE-2021-26387
https://notcve.org/view.php?id=CVE-2021-26387
13 Aug 2024 — Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity. Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-20587
https://notcve.org/view.php?id=CVE-2023-20587
13 Feb 2024 — Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution. Un control de acceso inadecuado en el modo de administración del sistema (SMM) puede permitir que un atacante acceda a la memoria flash SPI, lo que podría provocar la ejecución de código arbitrario. Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009 •