Vulnerabilities
Vulnerable Software
Amd:  Security Vulnerabilities
Insufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-bounds memory reads within the ASP, potentially leading to a denial of service.
CVSS Score
7.5
EPSS Score
0.006
Published
2023-05-09
Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code execution.
CVSS Score
8.8
EPSS Score
0.008
Published
2023-05-09
Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service.
CVSS Score
5.9
EPSS Score
0.004
Published
2023-05-09
Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service.
CVSS Score
7.5
EPSS Score
0.006
Published
2023-05-09
Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and integrity.
CVSS Score
9.1
EPSS Score
0.006
Published
2023-05-09
Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leading to a loss of integrity or denial of service.
CVSS Score
3.9
EPSS Score
0.003
Published
2023-05-09
Insufficient input validation in the SMU may enable a privileged attacker to write beyond the intended bounds of a shared memory buffer potentially leading to a loss of integrity.
CVSS Score
7.5
EPSS Score
0.005
Published
2023-05-09
Improper validation of DRAM addresses in SMU may allow an attacker to overwrite sensitive memory locations within the ASP potentially resulting in a denial of service.
CVSS Score
7.5
EPSS Score
0.006
Published
2023-05-09
Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to execute arbitrary DMA copies, which can lead to code execution.
CVSS Score
8.8
EPSS Score
0.008
Published
2023-05-09
Improper input validation in ABL may enable an attacker with physical access, to perform arbitrary memory overwrites, potentially leading to a loss of integrity and code execution.
CVSS Score
6.8
EPSS Score
0.003
Published
2023-05-09


Contact Us

Shodan ® - All rights reserved