VYPR

Secure Processor

by AMD

CVEs (29)

  • CVE-2023-31317HigMay 15, 2026
    risk 0.57cvss epss 0.00

    Improper restriction of operations within the bounds of a memory buffer in the AMD secure processer (ASP) could allow an attacker to read or write to protected memory potentially resulting in arbitrary code execution.

  • CVE-2023-20514HigFeb 11, 2026
    risk 0.57cvss epss 0.00

    Improper handling of parameters in the AMD Secure Processor (ASP) could allow a privileged attacker to pass an arbitrary memory value to functions in the trusted execution environment resulting in arbitrary code execution

  • CVE-2023-31322HigSep 6, 2025
    risk 0.57cvss 8.7epss 0.00

    Type confusion in the ASP could allow an attacker to pass a malformed argument to the Reliability, Availability, and Serviceability trusted application (RAS TA) potentially leading to a read or write to shared memory resulting in loss of confidentiality, integrity, or…

  • CVE-2025-61972HigMay 13, 2026
    risk 0.55cvss epss 0.00

    Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network (SMN) access, potentially resulting in arbitrary code execution in AMD Secure Processor (ASP) and loss of the SEV-SNP guest's confidentiality…

  • CVE-2023-31323HigFeb 12, 2026
    risk 0.55cvss epss 0.00

    Type confusion in the AMD Secure Processor (ASP) could allow an attacker to pass a malformed argument to the External Global Memory Interconnect Trusted Agent (XGMI TA) leading to a memory safety violation potentially resulting in loss of confidentiality, integrity, or…

  • CVE-2022-23817HigAug 13, 2024
    risk 0.47cvss epss 0.00

    Insufficient checking of memory buffer in AMD Secure Processor (ASP) Secure OS may allow an attacker with a malicious trusted application to read/write to the ASP Secure OS kernel virtual address space, potentially resulting in privilege escalation.

  • CVE-2021-46747HigJun 1, 2026
    risk 0.46cvss epss 0.00

    Insufficient granularity of access control in ASP (AMD Secure Processor) may allow an attacker with an untrusted user space application to map sensitive SMN (System Management Network) apertures leading to a potential escalation of privileges.

  • CVE-2023-31316HigMay 15, 2026
    risk 0.46cvss epss 0.00

    Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor (ASP) could allow an attacker with the ability to write outside the trusted memory range (TMR) to change the execution flow of the Video Core Next…

  • CVE-2025-54510MedApr 16, 2026
    risk 0.38cvss epss 0.00

    A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potentially compromising guest system integrity.

  • CVE-2024-21981MedAug 13, 2024
    risk 0.37cvss 5.7epss 0.00

    Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity.

  • CVE-2025-54511MedMay 15, 2026
    risk 0.34cvss epss 0.00

    Improper handling of insufficient privileges in the AMD Secure Processor (ASP) could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability.

  • CVE-2023-20508MedFeb 12, 2025
    risk 0.33cvss 5.0epss 0.00

    Improper access control in the ASP could allow a privileged attacker to perform an out-of-bounds write to a memory location not controlled by the attacker, potentially leading to loss of confidentiality, integrity, or availability.

  • CVE-2025-54509MedJun 9, 2026
    risk 0.26cvss epss 0.00

    Improper access control for register interface in the input-output memory management unit (IOMMU) could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor (ASP) potentially resulting in loss of integrity.

  • CVE-2023-20518LowAug 13, 2024
    risk 0.12cvss 1.9epss 0.00

    Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.

  • CVE-2023-20548Feb 11, 2026
    risk 0.00cvss epss 0.00

    A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability.

  • CVE-2023-31324Feb 11, 2026
    risk 0.00cvss epss 0.00

    A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or…

  • CVE-2021-46794May 9, 2023
    risk 0.00cvss epss 0.01

    Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service.

  • CVE-2021-46756May 9, 2023
    risk 0.00cvss epss 0.01

    Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity. …

  • CVE-2021-46754May 9, 2023
    risk 0.00cvss epss 0.01

    Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit) resulting in a potential loss of confidentiality and…

  • CVE-2021-46779Jan 10, 2023
    risk 0.00cvss epss 0.00

    Insufficient input validation in SVC_ECC_PRIMITIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential loss of integrity and availability.

Page 1 of 2