| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service. |
| IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. |
| An attacker with a compromised ASP could
possibly send malformed commands to an ASP on another CPU, resulting in an out
of bounds write, potentially leading to a loss a loss of integrity.
|
| Improper access control settings in ASP
Bootloader may allow an attacker to corrupt the return address causing a
stack-based buffer overrun potentially leading to arbitrary code execution.
|
| Insufficient input validation on the model
specific register: VM_HSAVE_PA may potentially lead to loss of SEV-SNP guest
memory integrity.
|
| Insufficient bounds checking in ASP (AMD Secure
Processor) may allow for an out of bounds read in SMI (System Management
Interface) mailbox checksum calculation triggering a data abort, resulting in a
potential denial of service.
|
| Time-of-check Time-of-use (TOCTOU) in the
BIOS2PSP command may allow an attacker with a malicious BIOS to create a race
condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon
an S3 resume event potentially leading to a denial of service.
|
| Improper input validation in ABL may enable an
attacker with physical access, to perform arbitrary memory overwrites,
potentially leading to a loss of integrity and code execution.
|
| Insufficient input validation in ABL may enable
a privileged attacker to corrupt ASP memory, potentially resulting in a loss of
integrity or code execution.
|
| Insufficient syscall input validation in the ASP
Bootloader may allow a privileged attacker to execute arbitrary DMA copies,
which can lead to code execution.
|
| Improper validation of DRAM addresses in SMU may
allow an attacker to overwrite sensitive memory locations within the ASP
potentially resulting in a denial of service.
|
| Insufficient input validation in the SMU may
enable a privileged attacker to write beyond the intended bounds of a shared
memory buffer potentially leading to a loss of integrity.
|
| Insufficient validation of inputs in
SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an
attacker with a malicious Uapp or ABL to send malformed or invalid syscall to
the bootloader resulting in a potential denial of service and loss of
integrity.
|
| Failure to unmap certain SysHub mappings in
error paths of the ASP (AMD Secure Processor) bootloader may allow an attacker
with a malicious bootloader to exhaust the SysHub resources resulting in a
potential denial of service.
|
| Failure to validate the length fields of the ASP
(AMD Secure Processor) sensor fusion hub headers may allow an attacker with a
malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite
data structures leading to a potential loss of confidentiality and integrity.
|
| Insufficient bounds checking in ASP (AMD Secure
Processor) may allow for an out of bounds read in SMI (System Management
Interface) mailbox checksum calculation triggering a data abort, resulting in a
potential denial of service.
|
| Insufficient validation in parsing Owner's
Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization)
and SEV-ES user application can lead to a host crash potentially resulting in
denial of service.
|
| Insufficient address validation, may allow an
attacker with a compromised ABL and UApp to corrupt sensitive memory locations
potentially resulting in a loss of integrity or availability.
|
| Insufficient input validation of mailbox data in the
SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially
leading to a loss of integrity and privilege escalation.
|
| A compromised or malicious ABL or UApp could
send a SHA256 system call to the bootloader, which may result in exposure of
ASP memory to userspace, potentially leading to information disclosure.
|
