An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection a

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.

Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit

Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface

Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition

Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and contro

Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to

Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a mal

Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface

Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer

LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.

Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.