Vulnerabilidades em AMD
443 resultadosCVE-2021-46769HIGHInsufficient syscall input validation in the ASP
Bootloader may allow a privileged attacker to execute arbitrary DMA copies,
which can lead EPSS 0.8%CVE-2021-46760CRITICALA malicious or compromised UApp or ABL can send
a malformed system call to the bootloader, which may result in an out-of-bounds
memory accesEPSS 0.8%CVE-2022-23825—Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosureEPSS 0.8%CVE-2021-46773HIGHInsufficient input validation in ABL may enable
a privileged attacker to corrupt ASP memory, potentially resulting in a loss of
integrity orEPSS 0.8%CVE-2023-20575MEDIUM
A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionEPSS 0.8%CVE-2022-23820HIGHFailure to validate the AMD SMM communication buffer
may allow an attacker to corrupt the SMRAM potentially leading to arbitrary
code executEPSS 0.7%CVE-2021-26379CRITICALInsufficient input validation of mailbox data in the
SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially
leading to a EPSS 0.7%CVE-2022-27674HIGHInsufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to aEPSS 0.7%CVE-2023-20559HIGH
Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leadEPSS 0.7%CVE-2023-20558HIGH
Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to EPSS 0.7%CVE-2022-23831HIGHInsufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential WindEPSS 0.7%CVE-2021-46756CRITICALInsufficient validation of inputs in
SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an
attacker with a malicious EPSS 0.6%CVE-2021-46764HIGHImproper validation of DRAM addresses in SMU may
allow an attacker to overwrite sensitive memory locations within the ASP
potentially resultEPSS 0.6%CVE-2023-31315HIGHImproper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SEPSS 0.6%CVE-2023-20530HIGHInsufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of EPSS 0.6%CVE-2021-46794HIGHInsufficient bounds checking in ASP (AMD Secure
Processor) may allow for an out of bounds read in SMI (System Management
Interface) mailbox EPSS 0.6%CVE-2021-46755HIGHFailure to unmap certain SysHub mappings in
error paths of the ASP (AMD Secure Processor) bootloader may allow an attacker
with a malicious EPSS 0.6%CVE-2021-46749HIGHInsufficient bounds checking in ASP (AMD Secure
Processor) may allow for an out of bounds read in SMI (System Management
Interface) mailbox EPSS 0.6%CVE-2023-20522HIGHInsufficient input validation in ASP may allow an attacker with a malicious BIOS to potentially cause a denial of service.
EPSS 0.6%CVE-2023-20529HIGHInsufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in EPSS 0.6%