Page 3 of 279 results (0.010 seconds)

CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0

Incorrect default permissions in the AMD HIP SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6015.html • CWE-276: Incorrect Default Permissions •

CVSS: 5.7EPSS: 0%CPEs: 20EXPL: 0

Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 1.9EPSS: 0%CPEs: 1EXPL: 0

Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html • CWE-459: Incomplete Cleanup •

CVSS: 3.9EPSS: 0%CPEs: 14EXPL: 0

Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in memory corruption or denial of service. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVSS: 5.2EPSS: 0%CPEs: 7EXPL: 0

Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing keys to c006Frrupt the return address, causing a stack-based buffer overrun, potentially leading to a denial of service. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •