CVSS: 4.9EPSS: 0%CPEs: 146EXPL: 0CVE-2023-20526
https://notcve.org/view.php?id=CVE-2023-20526
14 Nov 2023 — Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality. Una validación de entrada insuficiente en el ASP Bootloader puede permitir que un atacante privilegiado con acceso físico exponga el contenido de la memoria ASP, lo que podría provocar una pérdida de confidencialidad. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 •
CVSS: 5.7EPSS: 0%CPEs: 186EXPL: 0CVE-2023-20521
https://notcve.org/view.php?id=CVE-2023-20521
14 Nov 2023 — TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service. TOCTOU en el ASP Bootloader puede permitir que un atacante con acceso físico altere los registros ROM SPI después de la verificación del contenido de la memoria, lo que podría provocar una pérdida de confidencialidad o una denegación de servicio. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 274EXPL: 0CVE-2021-46774
https://notcve.org/view.php?id=CVE-2021-46774
14 Nov 2023 — Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service. Una validación de dirección DRAM insuficiente en System Management Unit (SMU) puede permitir que un atacante lea/escriba desde/hacia una dirección DRAM no válida, lo que podría provocar una denegación de servicio. Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an ... • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 •
CVSS: 5.5EPSS: 0%CPEs: 256EXPL: 0CVE-2021-26371
https://notcve.org/view.php?id=CVE-2021-26371
09 May 2023 — A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure. A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001 •
CVSS: 7.4EPSS: 0%CPEs: 196EXPL: 0CVE-2021-26356
https://notcve.org/view.php?id=CVE-2021-26356
09 May 2023 — A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure. A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.5EPSS: 0%CPEs: 82EXPL: 0CVE-2021-26403
https://notcve.org/view.php?id=CVE-2021-26403
10 Jan 2023 — Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of VM confidentiality. Las comprobaciones insuficientes en SEV pueden provocar que un hipervisor malicioso revele el secreto de inicio, lo que podría comprometer la confidencialidad de la VM. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032 •
CVSS: 3.3EPSS: 0%CPEs: 76EXPL: 0CVE-2021-26342
https://notcve.org/view.php?id=CVE-2021-26342
11 May 2022 — In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations that includes creation of a new virtual machine control block (VMCB). The failure to flush the TLB may cause the microcode to use stale TLB translations which may allow for disclosure of SEV guest memory contents. Users of SEV-ES/SEV-SNP guest VMs are not impacted by this vulnerability. En las máquinas virtuales invitadas de SEV, la CPU puede fallar al vaciar la memoria intermedia... • https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 •
CVSS: 7.1EPSS: 0%CPEs: 76EXPL: 0CVE-2021-26408
https://notcve.org/view.php?id=CVE-2021-26408
10 May 2022 — Insufficient validation of elliptic curve points in SEV-legacy firmware may compromise SEV-legacy guest migration potentially resulting in loss of guest's integrity or confidentiality. Una comprobación insuficiente de los puntos de la curva elíptica en el firmware de SEV-legacy puede comprometer la migración de los huéspedes de SEV-legacy, resultando potencialmente en una pérdida de la integridad o la confidencialidad de los huéspedes • https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021 •
CVSS: 5.5EPSS: 0%CPEs: 116EXPL: 0CVE-2021-26330
https://notcve.org/view.php?id=CVE-2021-26330
16 Nov 2021 — AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources. AMD System Management Unit (SMU) puede experimentar un desbordamiento en la región heap de la memoria que puede resultar en una pérdida de recursos • https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 114EXPL: 0CVE-2020-12944
https://notcve.org/view.php?id=CVE-2020-12944
16 Nov 2021 — Insufficient validation of BIOS image length by ASP Firmware could lead to arbitrary code execution. Una validación insuficiente de la longitud de la imagen de la BIOS por parte de ASP Firmware podría conducir a la ejecución de código arbitrario • https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 • CWE-20: Improper Input Validation •