CVE-2023-20597

all versions

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.

5.5MEDIUM

CVE-2023-20594

all versions

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.

4.4MEDIUM

CVE-2021-46794

all versions

Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface

7.5HIGH

CVE-2021-46792

all versions

Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition

5.9MEDIUM

CVE-2021-46773

all versions

Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of in

8.8HIGH

CVE-2021-46765

all versions

Insufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-bounds memory reads within the

7.5HIGH

CVE-2021-46759

all versions

Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and contro

6.1MEDIUM

CVE-2021-46755

all versions

Failure to unmap certain SysHub mappings in error paths of the ASP (AMD Secure Processor) bootloader may allow an attacker with a

7.5HIGH

CVE-2021-46754

all versions

Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to

9.1CRITICAL

CVE-2021-46753

all versions

Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a mal

9.1CRITICAL

CVE-2021-46749

all versions

Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface

7.5HIGH

CVE-2022-29277

< 05.44.30.0004

Incorrect pointer checks within the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of the FwBloc

8.8HIGH

CVE-2021-26386

all versions

A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader poten

7.8HIGH

CVE-2021-26368

all versions

Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged pro

4.4MEDIUM

CVE-2021-26317

all versions

Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential

7.8HIGH

CVE-2020-12965

all versions

When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store using only the lowe

7.5HIGH

CVE-2021-26337

all versions

Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM re

5.5MEDIUM