Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:h:amd:amd_3015ce:-:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-20521 |
TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service. Published: November 14, 2023; 2:15:15 PM -0500 |
V4.0:(not available) V3.1: 5.7 MEDIUM V2.0:(not available) |
CVE-2023-20583 |
A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information. Published: August 01, 2023; 3:15:09 PM -0400 |
V4.0:(not available) V3.1: 4.7 MEDIUM V2.0:(not available) |
CVE-2021-26371 |
A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure. Published: May 09, 2023; 3:15:10 PM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2021-26365 |
Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory contents. Published: May 09, 2023; 3:15:10 PM -0400 |
V4.0:(not available) V3.1: 8.2 HIGH V2.0:(not available) |
CVE-2021-26354 |
Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity. Published: May 09, 2023; 3:15:10 PM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2021-26393 |
Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality. Published: November 09, 2022; 4:15:12 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2021-26392 |
Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA. Published: November 09, 2022; 4:15:12 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2020-12931 |
Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity. Published: November 09, 2022; 4:15:11 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2020-12930 |
Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity. Published: November 09, 2022; 4:15:10 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |