ASP Bootloader
by AMD
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-20526 | 0.00 | — | 0.00 | Nov 14, 2023 | Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality. | |||
| CVE-2023-20521 | 0.00 | — | 0.00 | Nov 14, 2023 | TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service. | |||
| CVE-2021-46766 | 0.00 | — | 0.00 | Nov 14, 2023 | Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality. | |||
| CVE-2021-26356 | 0.00 | — | 0.00 | May 9, 2023 | A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure. | |||
| CVE-2023-20520 | 0.00 | — | 0.01 | May 9, 2023 | Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution. | |||
| CVE-2023-20527 | 0.00 | — | 0.01 | Jan 10, 2023 | Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service. | |||
| CVE-2023-20525 | 0.00 | — | 0.01 | Jan 10, 2023 | Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service. | |||
| CVE-2021-26386 | 0.00 | — | 0.00 | May 12, 2022 | A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution. | |||
| CVE-2021-26361 | 0.00 | — | 0.00 | May 12, 2022 | A malicious or compromised User Application (UApp) or AGESA Boot Loader (ABL) could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure. |
- CVE-2023-20526Nov 14, 2023risk 0.00cvss —epss 0.00
Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.
- CVE-2023-20521Nov 14, 2023risk 0.00cvss —epss 0.00
TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
- CVE-2021-46766Nov 14, 2023risk 0.00cvss —epss 0.00
Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.
- CVE-2021-26356May 9, 2023risk 0.00cvss —epss 0.00
A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure.
- CVE-2023-20520May 9, 2023risk 0.00cvss —epss 0.01
Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution.
- CVE-2023-20527Jan 10, 2023risk 0.00cvss —epss 0.01
Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service.
- CVE-2023-20525Jan 10, 2023risk 0.00cvss —epss 0.01
Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service.
- CVE-2021-26386May 12, 2022risk 0.00cvss —epss 0.00
A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution.
- CVE-2021-26361May 12, 2022risk 0.00cvss —epss 0.00
A malicious or compromised User Application (UApp) or AGESA Boot Loader (ABL) could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure.