CVE-2023-20594

all versions

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.

4.4MEDIUM

CVE-2023-20532

< milanpi_1.0.0.5

Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of

5.3MEDIUM

CVE-2023-20531

< milanpi_1.0.0.5

Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentiall

7.5HIGH

CVE-2023-20530

< milanpi_1.0.0.5

Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a

7.5HIGH

CVE-2023-20529

< milanpi_1.0.0.5

Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially res

7.5HIGH

CVE-2023-20528

< milanpi_1.0.0.5

Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentia

2.4LOW

CVE-2023-20527

< milanpi_1.0.0.5

Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially

6.5MEDIUM

CVE-2023-20525

< milanpi_1.0.0.5

Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a

6.5MEDIUM

CVE-2023-20523

< milanpi_1.0.0.5

TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or d

5.7MEDIUM

CVE-2021-26402

< milanpi_1.0.0.4

Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox commands, may allow an attacker to

7.1HIGH

CVE-2021-26398

< milanpi_1.0.0.4

Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corr

7.8HIGH

CVE-2021-26396

< milanpi-sp3_1.0.0.9

Insufficient validation of address mapping to IO in ASP (AMD Secure Processor) may result in a loss of memory integrity in the SNP

4.4MEDIUM

CVE-2021-26355

< milanpi-sp3_1.0.0.7

Insufficient fencing and checks in System Management Unit (SMU) may result in access to invalid message port registers that could

5.5MEDIUM

CVE-2021-26343

< milanpi_1.0.0.3

Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sens

5.5MEDIUM

CVE-2021-26328

< milanpi_1.0.0.8

Failure to verify the mode of CPU execution at the time of SNP_INIT may lead to a potential loss of memory integrity for SNP guest

4.4MEDIUM

CVE-2021-26316

< milanpi-sp3_1.0.0.8

Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer

7.8HIGH