Vulnerabilities
Vulnerable Software
Amd:  Security Vulnerabilities
Insufficient input validation during parsing of the System Management Mode (SMM) binary may allow a maliciously crafted SMM executable binary to corrupt Dynamic Root of Trust for Measurement (DRTM) user application memory that may result in a potential denial of service.
CVSS Score
5.5
EPSS Score
0.002
Published
2023-01-11
A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of service.
CVSS Score
4.7
EPSS Score
0.001
Published
2023-01-11
The software interfaces to ASP and SMU may not enforce the SNP memory security policy resulting in a potential loss of integrity of guest memory in a confidential compute environment.
CVSS Score
5.3
EPSS Score
0.005
Published
2023-01-11
Failure to validate addresses provided by software to BIOS commands may result in a potential loss of integrity of guest memory in a confidential compute environment.
CVSS Score
5.3
EPSS Score
0.005
Published
2023-01-11
Insufficient input validation in ASP may allow an attacker with a malicious BIOS to potentially cause a denial of service.
CVSS Score
7.5
EPSS Score
0.006
Published
2023-01-11
TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service.
CVSS Score
5.7
EPSS Score
0.002
Published
2023-01-11
Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service.
CVSS Score
6.5
EPSS Score
0.006
Published
2023-01-11
Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service.
CVSS Score
6.5
EPSS Score
0.006
Published
2023-01-11
Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality.
CVSS Score
2.4
EPSS Score
0.002
Published
2023-01-11
Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service.
CVSS Score
7.5
EPSS Score
0.006
Published
2023-01-11


Contact Us

Shodan ® - All rights reserved