CVSS: 7.0EPSS: 0%CPEs: 128EXPL: 0CVE-2022-23817
https://notcve.org/view.php?id=CVE-2022-23817
13 Aug 2024 — Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space, potentially leading to privilege escalation. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 277EXPL: 1CVE-2023-4969 – GPU kernel implementations susceptible to memory leak
https://notcve.org/view.php?id=CVE-2023-4969
16 Jan 2024 — A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures. Un kernel de GPU puede leer datos confidenciales de otro kernel de GPU (incluso de otro usuario o aplicación) a través de una región de memoria de GPU optimizada llamada _local memory_ en varias arquitecturas. • https://blog.trailofbits.com • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 10.0EPSS: 0%CPEs: 128EXPL: 0CVE-2023-20596
https://notcve.org/view.php?id=CVE-2023-20596
14 Nov 2023 — Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution. Una validación de entrada incorrecta en SMM Supervisor puede permitir que un atacante con un controlador SMI comprometido obtenga acceso a Ring0, lo que podría conducir a la ejecución de código arbitrario. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7011 •
CVSS: 8.1EPSS: 0%CPEs: 144EXPL: 0CVE-2023-20571
https://notcve.org/view.php?id=CVE-2023-20571
14 Nov 2023 — A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation. Una condición de ejecución en el código de System Management Mode (SMM) puede permitir que un atacante que utilice un espacio de usuario comprometido aproveche CVE-2018-8897, lo que podría generar una escalada de privilegios. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 144EXPL: 0CVE-2023-20565
https://notcve.org/view.php?id=CVE-2023-20565
14 Nov 2023 — Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access. Las protecciones insuficientes en el código del System Management Mode (SMM) pueden permitir que un atacante habilite potencialmente la escalada de privilegios a través del acceso local. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 144EXPL: 0CVE-2023-20563
https://notcve.org/view.php?id=CVE-2023-20563
14 Nov 2023 — Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access. Las protecciones insuficientes en el código del System Management Mode (SMM) pueden permitir que un atacante habilite potencialmente la escalada de privilegios a través del acceso local. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: 236EXPL: 0CVE-2022-23821
https://notcve.org/view.php?id=CVE-2022-23821
14 Nov 2023 — Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution. Un control de acceso inadecuado en System Management Mode (SMM) puede permitir que un atacante escriba en la ROM SPI, lo que podría provocar la ejecución de código arbitrario. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 •
CVSS: 6.6EPSS: 0%CPEs: 122EXPL: 0CVE-2021-46758
https://notcve.org/view.php?id=CVE-2021-46758
14 Nov 2023 — Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity. La validación insuficiente de las direcciones flash SPI en el cargador de arranque ASP (AMD Secure Processor) puede permitir que un atacante lea datos en la memoria asignada más allá de la flash SPI, lo que resulta en una posible pérdida de disponibilidad e integridad. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 •
CVSS: 10.0EPSS: 0%CPEs: 230EXPL: 0CVE-2022-23820
https://notcve.org/view.php?id=CVE-2022-23820
14 Nov 2023 — Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution. No validar el búfer de comunicación AMD SMM puede permitir que un atacante corrompa la SMRAM, lo que podría provocar la ejecución de código arbitrario. Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 264EXPL: 0CVE-2023-20555
https://notcve.org/view.php?id=CVE-2023-20555
08 Aug 2023 — Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM. Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4003 • CWE-787: Out-of-bounds Write •