VYPR

Secure Processor

by AMD

CVEs (29)

  • CVE-2021-26402Jan 10, 2023
    risk 0.00cvss epss 0.00

    Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox commands, may allow an attacker to write partially-controlled data out-of-bounds to SMM or SEV-ES regions which may lead to a potential loss of integrity and availability.

  • CVE-2021-26396Jan 10, 2023
    risk 0.00cvss epss 0.00

    Insufficient validation of address mapping to IO in ASP (AMD Secure Processor) may result in a loss of memory integrity in the SNP guest.

  • CVE-2021-26360Nov 9, 2022
    risk 0.00cvss epss 0.00

    An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP.

  • CVE-2021-26391Nov 9, 2022
    risk 0.00cvss epss 0.00

    Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel.

  • CVE-2021-46771May 10, 2022
    risk 0.00cvss epss 0.00

    Insufficient validation of addresses in AMD Secure Processor (ASP) firmware system call may potentially lead to arbitrary code execution by a compromised user application.

  • CVE-2020-12961Nov 16, 2021
    risk 0.00cvss epss 0.00

    A potential vulnerability exists in AMD Platform Security Processor (PSP) that may allow an attacker to zero any privileged register on the System Management Network which may lead to bypassing SPI ROM protections.

  • CVE-2021-26315Nov 16, 2021
    risk 0.00cvss epss 0.00

    When the AMD Platform Security Processor (PSP) boot rom loads, authenticates, and subsequently decrypts an encrypted FW, due to insufficient verification of the integrity of decrypted image, arbitrary code may be executed in the PSP when encrypted firmware images are used.

  • CVE-2021-26335Nov 16, 2021
    risk 0.00cvss epss 0.00

    Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to use attacker-controlled values prior to signature validation potentially resulting in arbitrary code execution.

  • CVE-2019-9836Jun 25, 2019
    risk 0.00cvss epss 0.02

    Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation.

Page 2 of 2