CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31348
https://notcve.org/view.php?id=CVE-2023-31348
13 Aug 2024 — A DLL hijacking vulnerability in AMD μProf could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. • https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-9001 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-31341
https://notcve.org/view.php?id=CVE-2023-31341
13 Aug 2024 — Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service. Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service. • https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-9001 • CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0CVE-2024-21981
https://notcve.org/view.php?id=CVE-2024-21981
13 Aug 2024 — Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity. Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31307
https://notcve.org/view.php?id=CVE-2023-31307
13 Aug 2024 — Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html • CWE-129: Improper Validation of Array Index •
CVSS: 7.5EPSS: 0%CPEs: 64EXPL: 0CVE-2023-20591
https://notcve.org/view.php?id=CVE-2023-20591
13 Aug 2024 — Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker to read or modify hypervisor memory, potentially resulting in loss of confidentiality, integrity, and availability. Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker to read or modify hypervisor memory, potentially resulting in loss of confidentiality, integrity, and availability. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html • CWE-665: Improper Initialization •
CVSS: 7.5EPSS: 0%CPEs: 114EXPL: 0CVE-2023-20578
https://notcve.org/view.php?id=CVE-2023-20578
13 Aug 2024 — A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution. A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20518
https://notcve.org/view.php?id=CVE-2023-20518
13 Aug 2024 — Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html • CWE-459: Incomplete Cleanup •
CVSS: 7.0EPSS: 0%CPEs: 128EXPL: 0CVE-2022-23817
https://notcve.org/view.php?id=CVE-2022-23817
13 Aug 2024 — Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space, potentially leading to privilege escalation. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.2EPSS: 0%CPEs: 20EXPL: 0CVE-2022-23815
https://notcve.org/view.php?id=CVE-2022-23815
13 Aug 2024 — Improper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, corrupting the APCB entry, potentially leading to arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html • CWE-787: Out-of-bounds Write •
CVSS: 5.0EPSS: 0%CPEs: 14EXPL: 0CVE-2021-46772
https://notcve.org/view.php?id=CVE-2021-46772
13 Aug 2024 — Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in memory corruption or denial of service. Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting i... • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •