VYPR

ASP Bootloader

by AMD

CVEs (9)

  • CVE-2023-20526 (Nov 14, 2023)
    risk 0.00 | cvss | epss 0.00

    Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.

  • CVE-2023-20521 (Nov 14, 2023)
    risk 0.00 | cvss | epss 0.00

    TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.

  • CVE-2021-46766 (Nov 14, 2023)
    risk 0.00 | cvss | epss 0.00

    Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.

  • CVE-2021-26356 (May 9, 2023)
    risk 0.00 | cvss | epss 0.00

    A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure.

  • CVE-2023-20520 (May 9, 2023)
    risk 0.00 | cvss | epss 0.01

    Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution.

  • CVE-2023-20527 (Jan 10, 2023)
    risk 0.00 | cvss | epss 0.01

    Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service.

  • CVE-2023-20525 (Jan 10, 2023)
    risk 0.00 | cvss | epss 0.01

    Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service.

  • CVE-2021-26386 (May 12, 2022)
    risk 0.00 | cvss | epss 0.00

    A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution.

  • CVE-2021-26361 (May 12, 2022)
    risk 0.00 | cvss | epss 0.00

    A malicious or compromised User Application (UApp) or AGESA Boot Loader (ABL) could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure.