Amd: Security Vulnerabilities
Improper input validation in AMD μProf could allow an attacker to perform a write to an invalid address, potentially resulting in denial of service.
CVSS Score
3.3
EPSS Score
0.001
Published
2024-08-13
Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service.
CVSS Score
2.3
EPSS Score
0.001
Published
2024-08-13
Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service.
CVSS Score
4.8
EPSS Score
0.001
Published
2024-08-13
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow
an attacker with ring0 privileges and access to the
BIOS menu or UEFI shell to modify the communications buffer potentially
resulting in arbitrary code execution.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-08-13
IOMMU improperly handles certain special address
ranges with invalid device table entries (DTEs), which may allow an attacker
with privileges and a compromised Hypervisor to
induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a
loss of guest integrity.
CVSS Score
5.3
EPSS Score
0.0
Published
2024-08-13
Improper re-initialization of IOMMU during the DRTM event
may permit an untrusted platform configuration to persist, allowing an attacker
to read or modify hypervisor memory, potentially resulting in loss of
confidentiality, integrity, and availability.
CVSS Score
6.5
EPSS Score
0.003
Published
2024-08-13
Improper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, corrupting the APCB entry, potentially leading to arbitrary code execution.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-08-13
An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially resulting in data corruption or denial of service.
CVSS Score
4.7
EPSS Score
0.0
Published
2024-08-13
An out of bounds memory write when processing the AMD
PSP1 Configuration Block (APCB) could allow an attacker with access the ability
to modify the BIOS image, and the ability to sign the resulting image, to
potentially modify the APCB block resulting in arbitrary code execution.
CVSS Score
7.2
EPSS Score
0.001
Published
2024-08-13
A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability.
CVSS Score
5.7
EPSS Score
0.0
Published
2024-08-13