CVE-2023-20594
https://notcve.org/view.php?id=CVE-2023-20594
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. La inicialización incorrecta de variables en el controlador DXE puede permitir que un usuario privilegiado filtre información sensible a través del acceso local. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007 • CWE-665: Improper Initialization •
CVE-2023-20589 – fTPM Voltage Fault Injection
https://notcve.org/view.php?id=CVE-2023-20589
An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4005 •
CVE-2023-20593 – hw: amd: Cross-Process Information Leak
https://notcve.org/view.php?id=CVE-2023-20593
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. A flaw was found in hw, in “Zen 2” CPUs. This issue may allow an attacker to access sensitive information under specific microarchitectural circumstances. • http://seclists.org/fulldisclosure/2023/Jul/43 http://www.openwall.com/lists/oss-security/2023/07/24/3 http://www.openwall.com/lists/oss-security/2023/07/25/1 http://www.openwall.com/lists/oss-security/2023/07/25/12 http://www.openwall.com/lists/oss-security/2023/07/25/13 http://www.openwall.com/lists/oss-security/2023/07/25/14 http://www.openwall.com/lists/oss-security/2023/07/25/15 http://www.openwall.com/lists/oss-security/2023/07/25/1 • CWE-209: Generation of Error Message Containing Sensitive Information CWE-1239: Improper Zeroization of Hardware Register •
CVE-2021-46794
https://notcve.org/view.php?id=CVE-2021-46794
Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 • CWE-125: Out-of-bounds Read •
CVE-2021-46792
https://notcve.org/view.php?id=CVE-2021-46792
Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •