Insufficient input validation in ASP may allow
an attacker with a compromised SMM to induce out-of-bounds memory reads within
the ASP, potentially leading to a denial of service.
Insufficient input validation in ABL may enable
a privileged attacker to corrupt ASP memory, potentially resulting in a loss of
integrity or code execution.
Time-of-check Time-of-use (TOCTOU) in the
BIOS2PSP command may allow an attacker with a malicious BIOS to create a race
condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon
an S3 resume event, potentially leading to a denial of service.
Insufficient bounds checking in ASP (AMD Secure
Processor) may allow for an out-of-bounds read in SMI (System Management
Interface) mailbox checksum calculation, triggering a data abort, resulting in a
potential denial of service.
Failure to validate the length fields of the ASP
(AMD Secure Processor) sensor fusion hub headers may allow an attacker with a
malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite
data structures leading to a potential loss of confidentiality and integrity.
Insufficient input validation in the SMU may
enable a privileged attacker to write beyond the intended bounds of a shared
memory buffer, potentially leading to a loss of integrity.
Improper validation of DRAM addresses in SMU may
allow an attacker to overwrite sensitive memory locations within the ASP,
potentially resulting in a denial of service.
Insufficient syscall input validation in the ASP
Bootloader may allow a privileged attacker to execute arbitrary DMA copies,
which can lead to code execution.
Improper input validation in ABL may enable an
attacker with physical access to perform arbitrary memory overwrites,
potentially leading to a loss of integrity and code execution.