CVSS: 10.0EPSS: 0%CPEs: 236EXPL: 0CVE-2022-23821
https://notcve.org/view.php?id=CVE-2022-23821
14 Nov 2023 — Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution. Un control de acceso inadecuado en System Management Mode (SMM) puede permitir que un atacante escriba en la ROM SPI, lo que podría provocar la ejecución de código arbitrario. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 •
CVSS: 10.0EPSS: 0%CPEs: 230EXPL: 0CVE-2022-23820
https://notcve.org/view.php?id=CVE-2022-23820
14 Nov 2023 — Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution. No validar el búfer de comunicación AMD SMM puede permitir que un atacante corrompa la SMRAM, lo que podría provocar la ejecución de código arbitrario. Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 319EXPL: 0CVE-2023-20597
https://notcve.org/view.php?id=CVE-2023-20597
20 Sep 2023 — Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. La inicialización incorrecta de variables en el controlador DXE puede permitir que un usuario privilegiado filtre información sensible a través del acceso local. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007 • CWE-665: Improper Initialization •
CVSS: 4.4EPSS: 0%CPEs: 381EXPL: 0CVE-2023-20594
https://notcve.org/view.php?id=CVE-2023-20594
20 Sep 2023 — Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. La inicialización incorrecta de variables en el controlador DXE puede permitir que un usuario privilegiado filtre información sensible a través del acceso local. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007 • CWE-665: Improper Initialization •
CVSS: 9.0EPSS: 0%CPEs: 216EXPL: 0CVE-2021-46773
https://notcve.org/view.php?id=CVE-2021-46773
09 May 2023 — Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code execution. Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code execution. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 156EXPL: 0CVE-2021-46765
https://notcve.org/view.php?id=CVE-2021-46765
09 May 2023 — Insufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-bounds memory reads within the ASP, potentially leading to a denial of service. Insufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-bounds memory reads within the ASP, potentially leading to a denial of service. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 • CWE-125: Out-of-bounds Read •