Page 3 of 32 results (0.010 seconds)

CVSS: 6.5EPSS: 0%CPEs: 145EXPL: 1

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. A flaw was found in hw, in “Zen 2” CPUs. This issue may allow an attacker to access sensitive information under specific microarchitectural circumstances. • http://seclists.org/fulldisclosure/2023/Jul/43 http://www.openwall.com/lists/oss-security/2023/07/24/3 http://www.openwall.com/lists/oss-security/2023/07/25/1 http://www.openwall.com/lists/oss-security/2023/07/25/12 http://www.openwall.com/lists/oss-security/2023/07/25/13 http://www.openwall.com/lists/oss-security/2023/07/25/14 http://www.openwall.com/lists/oss-security/2023/07/25/15 http://www.openwall.com/lists/oss-security/2023/07/25/1 • CWE-1239: Improper Zeroization of Hardware Register •

CVSS: 7.5EPSS: 0%CPEs: 336EXPL: 0

Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 • CWE-125: Out-of-bounds Read •

CVSS: 5.9EPSS: 0%CPEs: 198EXPL: 0

Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 8.8EPSS: 0%CPEs: 216EXPL: 0

Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code execution. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 156EXPL: 0

Insufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-bounds memory reads within the ASP, potentially leading to a denial of service. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 • CWE-125: Out-of-bounds Read •