Amd: >> Ryzen 3300x Firmware >> renoirpi-fp6_1.0.0.7 Security Vulnerabilities
Insufficient input validation in the ASP (AMD
Secure Processor) bootloader may allow an attacker with a compromised Uapp or
ABL to coerce the bootloader into exposing sensitive information to the SMU
(System Management Unit) resulting in a potential loss of confidentiality and
integrity.
CVSS Score
9.1
EPSS Score
0.001
Published
2023-05-09
Time-of-check Time-of-use (TOCTOU) in the
BIOS2PSP command may allow an attacker with a malicious BIOS to create a race
condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon
an S3 resume event potentially leading to a denial of service.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-05-09
Insufficient bounds checking in ASP (AMD Secure
Processor) may allow for an out of bounds read in SMI (System Management
Interface) mailbox checksum calculation triggering a data abort, resulting in a
potential denial of service.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-05-09