CVSS: 7.5EPSS: 0%CPEs: 92EXPL: 0CVE-2021-46755
https://notcve.org/view.php?id=CVE-2021-46755
Failure to unmap certain SysHub mappings in error paths of the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a potential denial of service. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 •
CVSS: 9.1EPSS: 0%CPEs: 336EXPL: 0CVE-2021-46754
https://notcve.org/view.php?id=CVE-2021-46754
Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit) resulting in a potential loss of confidentiality and integrity. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 356EXPL: 0CVE-2021-46753
https://notcve.org/view.php?id=CVE-2021-46753
Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and integrity. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 •
CVSS: 7.5EPSS: 0%CPEs: 336EXPL: 0CVE-2021-46749
https://notcve.org/view.php?id=CVE-2021-46749
Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 80EXPL: 0CVE-2021-26406
https://notcve.org/view.php?id=CVE-2021-26406
Insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application can lead to a host crash potentially resulting in denial of service. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001 https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 •