Amd: >> Ryzen 3100 Firmware >> comboam4v2_pi_1.2.0.8 Security Vulnerabilities
Insufficient input validation in the ASP (AMD
Secure Processor) bootloader may allow an attacker with a compromised Uapp or
ABL to coerce the bootloader into exposing sensitive information to the SMU
(System Management Unit) resulting in a potential loss of confidentiality and
integrity.
CVSS Score
9.1
EPSS Score
0.001
Published
2023-05-09
Improper syscall input validation in AMD TEE
(Trusted Execution Environment) may allow an attacker with physical access and
control of a Uapp that runs under the bootloader to reveal the contents of the
ASP (AMD Secure Processor) bootloader accessible memory to a serial port,
resulting in a potential loss of integrity.
CVSS Score
6.1
EPSS Score
0.0
Published
2023-05-09
Insufficient input validation in ASP may allow
an attacker with a compromised SMM to induce out-of-bounds memory reads within
the ASP, potentially leading to a denial of service.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-05-09
Insufficient bounds checking in ASP (AMD Secure
Processor) may allow for an out of bounds read in SMI (System Management
Interface) mailbox checksum calculation triggering a data abort, resulting in a
potential denial of service.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-05-09
Failure to validate the length fields of the ASP
(AMD Secure Processor) sensor fusion hub headers may allow an attacker with a
malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite
data structures leading to a potential loss of confidentiality and integrity.
CVSS Score
9.1
EPSS Score
0.002
Published
2023-05-09
Insufficient bounds checking in ASP (AMD Secure
Processor) may allow for an out of bounds read in SMI (System Management
Interface) mailbox checksum calculation triggering a data abort, resulting in a
potential denial of service.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-05-09