
CVE-2023-20578
https://notcve.org/view.php?id=CVE-2023-20578
13 Aug 2024 — A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html •

CVE-2023-31315 – hw: amd: SMM Lock Bypass
https://notcve.org/view.php?id=CVE-2023-31315
09 Aug 2024 — Improper validation in a model-specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution. Enrique Nissim and Krzysztof Okupski discovered that some AMD ... • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2022-23829
https://notcve.org/view.php?id=CVE-2022-23829
18 Jun 2024 — A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1041.html • CWE-284: Improper Access Control •

CVE-2023-20579
https://notcve.org/view.php?id=CVE-2023-20579
13 Feb 2024 — Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009 •