CVE-2023-20578

< romepi_1.0.0.g

A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell

7.5HIGH

CVE-2021-26344

< romepi_1.0.0.c

An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the abil

7.2HIGH

CVE-2023-20592

all versions

Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affe

6.5MEDIUM

CVE-2023-20533

< romepi_1.0.0.d

Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM a

6.1MEDIUM

CVE-2023-20526

< romepi_1.0.0.d

Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents o

1.9LOW

CVE-2023-20521

< romepi_1.0.0.d

TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verifi

3.3LOW

CVE-2021-46774

< romepi_1.0.0.g

Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM a

6.7MEDIUM

CVE-2021-26345

< romepi_1.0.0.f

Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memo

1.9LOW

CVE-2023-20593

all versions

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensiti

5.5MEDIUM

CVE-2023-20575

all versions

A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting

6.5MEDIUM

CVE-2021-46756

all versions

Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a

9.1CRITICAL

CVE-2023-20524

all versions

An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out of bounds

7.5HIGH

CVE-2023-20520

all versions

Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffe

9.8CRITICAL

CVE-2021-46775

all versions

Improper input validation in ABL may enable an attacker with physical access, to perform arbitrary memory overwrites, potentially

6.8MEDIUM

CVE-2021-46769

all versions

Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to execute arbitrary DMA copies, which

8.8HIGH

CVE-2021-46764

all versions

Improper validation of DRAM addresses in SMU may allow an attacker to overwrite sensitive memory locations within the ASP potentia

7.5HIGH

CVE-2021-46763

all versions

Insufficient input validation in the SMU may enable a privileged attacker to write beyond the intended bounds of a shared memory b

7.5HIGH

CVE-2021-46762

all versions

Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leading to a loss of integrity or d

3.9LOW

CVE-2021-26406

all versions

Insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) a

7.5HIGH

CVE-2021-26379

< romepi_1.0.0.e

Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially lea

9.8CRITICAL

CVE-2021-26371

< romepi_1.0.0.d

A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memo

5.5MEDIUM

CVE-2021-26356

< romepi_1.0.0.d

A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in

7.4HIGH

CVE-2021-26354

< romepi_1.0.0.d

Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary

5.5MEDIUM

CVE-2022-27672

all versions

When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an

4.7MEDIUM

CVE-2023-20532

< romepi_1.0.0.c

Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of

5.3MEDIUM

CVE-2023-20531

< romepi_1.0.0.c

Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentiall

7.5HIGH

CVE-2023-20529

< romepi_1.0.0.c

Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially res

7.5HIGH

CVE-2023-20528

< romepi_1.0.0.c

Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentia

2.4LOW

CVE-2023-20527

< romepi_1.0.0.c

Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially

6.5MEDIUM

CVE-2023-20525

< romepi_100d

Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a

6.5MEDIUM

CVE-2023-20523

< romepi_1.0.0.c

TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or d

5.7MEDIUM

CVE-2021-26403

< romepi_1.0.0.9

Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of

6.5MEDIUM

CVE-2021-26402

< romepi_1.0.0.c

Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox commands, may allow an attacker to

7.1HIGH

CVE-2021-26398

< romepi_1.0.0.c

Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corr

7.8HIGH

CVE-2021-26316

< romepi_1.0.0.d

Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer

7.8HIGH

CVE-2022-23824

all versions

IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information

5.5MEDIUM

CVE-2021-46778

all versions

Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen

5.6MEDIUM

CVE-2022-23825

all versions

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information

6.5MEDIUM

CVE-2022-29900

all versions

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitect

6.5MEDIUM

CVE-2022-23823

all versions

A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing a

6.5MEDIUM

CVE-2021-46744

all versions

An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring c

6.5MEDIUM

CVE-2021-26388

< romepi-sp3_1.0.0.d

Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of b

5.5MEDIUM

CVE-2021-26378

< romepi-sp3_1.0.0.d

Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result i

5.5MEDIUM

CVE-2021-26376

< romepi-sp3_1.0.0.d

Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denia

5.5MEDIUM

CVE-2021-26375

< romepi-sp3_1.0.0.d

Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid a

5.5MEDIUM

CVE-2021-26373

< romepi-sp3_1.0.0.d

Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in deni

5.5MEDIUM

CVE-2021-26372

< romepi-sp3_1.0.0.d

Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space tha

5.5MEDIUM

CVE-2021-26364

< romepi-sp3_1.0.0.d

Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address ra

5.5MEDIUM

CVE-2021-26350

< romepi-sp3_1.0.0.d

A TOCTOU race condition in SMU may allow for the caller to obtain and manipulate the address of a message port register which may

4.7MEDIUM

CVE-2021-26347

< romepi-sp3_1.0.0.d

Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer ove

4.7MEDIUM

CVE-2021-26408

< romepi-sp3_1.0.0.c

Insufficient validation of elliptic curve points in SEV-legacy firmware may compromise SEV-legacy guest migration potentially resu

7.1HIGH

CVE-2021-26370

< romepi-sp3_1.0.0.c

Improper validation of destination address in SVC_LOAD_FW_IMAGE_BY_INSTANCE and SVC_LOAD_BINARY_BY_ATTRIB in a malicious UApp or A

7.1HIGH

CVE-2021-26401

all versions

LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.

5.6MEDIUM

CVE-2021-26341

all versions

Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.

6.5MEDIUM

CVE-2020-12966

all versions

AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State

5.5MEDIUM

CVE-2021-26340

all versions

A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to flush the Tr

8.4HIGH

CVE-2021-26337

< romepi-sp3_1.0.0.c

Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM re

5.5MEDIUM

CVE-2021-26336

< romepi-sp3_1.0.0.c

Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU ha

5.5MEDIUM

CVE-2021-26335

< romepi-sp3_1.0.0.c

Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to use attacker

7.8HIGH

CVE-2021-26331

< romepi-sp3_1.0.0.c

AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leadi

7.8HIGH

CVE-2021-26330

< romepi-sp3_1.0.0.c

AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources.

5.5MEDIUM

CVE-2021-26321

< romepi-sp3_1.0.0.c

Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of

5.5MEDIUM

CVE-2021-26320

< romepi-sp3_1.0.0.c

Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authentic

5.5MEDIUM

CVE-2020-12961

< romepi-sp3_1.0.0.c

A potential vulnerability exists in AMD Platform Security Processor (PSP) that may allow an attacker to zero any privileged regist

7.8HIGH

CVE-2020-12954

< romepi-sp3_1.0.0.c

A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauth

5.5MEDIUM

CVE-2020-12951

< romepi-sp3_1.0.0.c

Race condition in ASP firmware could allow less privileged x86 code to perform ASP SMM (System Management Mode) operations.

7.0HIGH

CVE-2020-12946

< romepi-sp3_1.0.0.c

Insufficient input validation in ASP firmware for discrete TPM commands could allow a potential loss of integrity and denial of se

7.1HIGH

CVE-2020-12944

< romepi-sp3_1.0.0.c

Insufficient validation of BIOS image length by ASP Firmware could lead to arbitrary code execution.

7.8HIGH

CVE-2021-26338

< romepi-sp3_1.0.0.c

Improper access controls in System Management Unit (SMU) may allow for an attacker to override performance control tables located

7.5HIGH

CVE-2021-26329

< romepi-sp3_1.0.0.c

AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a poten

5.5MEDIUM

CVE-2021-26322

< romepi-sp3_1.0.0.c

Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”.

7.5HIGH

CVE-2021-26312

< romepi-sp3_1.0.0.c

Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write t

5.5MEDIUM

CVE-2020-12988

< romepi-sp3_1.0.0.c

A potential denial of service (DoS) vulnerability exists in the integrated chipset that may allow a malicious attacker to hang the

7.5HIGH