Secure Processor (ASP) Boot Loader
by AMD
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-48515 | Med | 0.35 | — | 0.00 | Feb 10, 2026 | Insufficient parameter sanitization in AMD Secure Processor (ASP) Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code execution. | ||
| CVE-2025-29949 | Med | 0.31 | — | 0.00 | Feb 10, 2026 | Insufficient input parameter sanitization in AMD Secure Processor (ASP) Boot Loader (legacy recovery mode only) could allow an attacker to write out-of-bounds to corrupt Secure DRAM potentially resulting in denial of service. | ||
| CVE-2021-46755 | 0.00 | — | 0.01 | May 9, 2023 | Failure to unmap certain SysHub mappings in error paths of the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a potential denial of service. | |||
| CVE-2021-26346 | 0.00 | — | 0.00 | Jan 10, 2023 | Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service. | |||
| CVE-2021-26347 | 0.00 | — | 0.00 | May 11, 2022 | Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service. |
- risk 0.35cvss —epss 0.00
Insufficient parameter sanitization in AMD Secure Processor (ASP) Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code execution.
- risk 0.31cvss —epss 0.00
Insufficient input parameter sanitization in AMD Secure Processor (ASP) Boot Loader (legacy recovery mode only) could allow an attacker to write out-of-bounds to corrupt Secure DRAM potentially resulting in denial of service.
- CVE-2021-46755May 9, 2023risk 0.00cvss —epss 0.01
Failure to unmap certain SysHub mappings in error paths of the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a potential denial of service.
- CVE-2021-26346Jan 10, 2023risk 0.00cvss —epss 0.00
Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.
- CVE-2021-26347May 11, 2022risk 0.00cvss —epss 0.00
Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.