CVSS: 5.7EPSS: 0%CPEs: 186EXPL: 0CVE-2023-20521
https://notcve.org/view.php?id=CVE-2023-20521
TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service. TOCTOU en el ASP Bootloader puede permitir que un atacante con acceso físico altere los registros ROM SPI después de la verificación del contenido de la memoria, lo que podría provocar una pérdida de confidencialidad o una denegación de servicio. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 264EXPL: 0CVE-2023-20555
https://notcve.org/view.php?id=CVE-2023-20555
Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4003 • CWE-787: Out-of-bounds Write •
CVSS: 4.4EPSS: 0%CPEs: 70EXPL: 0CVE-2021-26382
https://notcve.org/view.php?id=CVE-2021-26382
An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP,) irrespective of the respective signing key being declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of service. Un atacante privilegiado de cuenta root puede cargar cualquier imagen de firmware legítimamente firmada en el coprocesador de audio (ACP), independientemente de que la respectiva clave de firma sea declarada como usable para autenticar una imagen de firmware ACP, resultando potencialmente en una denegación de servicio • https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 •