CVSS: 7.8EPSS: 0%CPEs: 336EXPL: 0CVE-2021-46794
https://notcve.org/view.php?id=CVE-2021-46794
09 May 2023 — Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service. Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 0%CPEs: 198EXPL: 0CVE-2021-46792
https://notcve.org/view.php?id=CVE-2021-46792
09 May 2023 — Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service. Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of... • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.6EPSS: 0%CPEs: 378EXPL: 0CVE-2021-46759
https://notcve.org/view.php?id=CVE-2021-46759
09 May 2023 — Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of the ASP (AMD Secure Processor) bootloader accessible memory to a serial port, resulting in a potential loss of integrity. Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the cont... • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 • CWE-787: Out-of-bounds Write •
CVSS: 9.4EPSS: 0%CPEs: 336EXPL: 0CVE-2021-46754
https://notcve.org/view.php?id=CVE-2021-46754
09 May 2023 — Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit) resulting in a potential loss of confidentiality and integrity. Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit... • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 • CWE-20: Improper Input Validation •
CVSS: 9.4EPSS: 0%CPEs: 356EXPL: 0CVE-2021-46753
https://notcve.org/view.php?id=CVE-2021-46753
09 May 2023 — Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and integrity. Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a... • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 •
CVSS: 7.8EPSS: 0%CPEs: 336EXPL: 0CVE-2021-46749
https://notcve.org/view.php?id=CVE-2021-46749
09 May 2023 — Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service. Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 82EXPL: 0CVE-2022-29277
https://notcve.org/view.php?id=CVE-2022-29277
15 Nov 2022 — Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses. Fixed in: INTEL Purley-R: 05.21.51.0048 Whitley: 05.42.23.0066 Cedar Island: 05.42.11.0021 Eagle Stream: 05.44.25.0052 Greenlow/Greenlow-R(skylake/kabylake): Trunk Mehlow/Mehlow-R (CoffeeLake-S): Trunk Tatlow (RKL-S): Trunk Denverton: 05.10.12.0042 Sno... • https://www.insyde.com/security-pledge • CWE-787: Out-of-bounds Write •