ABL
by AMD
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-46772 | Low | 0.25 | 3.9 | 0.00 | Aug 13, 2024 | Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in memory corruption or denial of service. | ||
| CVE-2021-46773 | 0.00 | — | 0.01 | May 9, 2023 | Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code execution. | |||
| CVE-2021-46775 | 0.00 | — | 0.00 | May 9, 2023 | Improper input validation in ABL may enable an attacker with physical access, to perform arbitrary memory overwrites, potentially leading to a loss of integrity and code execution. | |||
| CVE-2021-26369 | 0.00 | — | 0.00 | May 12, 2022 | A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses. |
- risk 0.25cvss 3.9epss 0.00
Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in memory corruption or denial of service.
- CVE-2021-46773May 9, 2023risk 0.00cvss —epss 0.01
Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code execution.
- CVE-2021-46775May 9, 2023risk 0.00cvss —epss 0.00
Improper input validation in ABL may enable an attacker with physical access, to perform arbitrary memory overwrites, potentially leading to a loss of integrity and code execution.
- CVE-2021-26369May 12, 2022risk 0.00cvss —epss 0.00
A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses.