6 results (0.002 seconds)

CVSS: 7.8EPSS: 0%CPEs: 264EXPL: 0

Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4003 • CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 336EXPL: 0

Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 • CWE-125: Out-of-bounds Read •

CVSS: 6.1EPSS: 0%CPEs: 378EXPL: 0

Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of the ASP (AMD Secure Processor) bootloader accessible memory to a serial port, resulting in a potential loss of integrity. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 • CWE-787: Out-of-bounds Write •

CVSS: 9.1EPSS: 0%CPEs: 336EXPL: 0

Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit) resulting in a potential loss of confidentiality and integrity. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001 • CWE-20: Improper Input Validation •

CVSS: 9.1EPSS: 0%CPEs: 356EXPL: 0

Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and integrity. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 •