Vulnerabilities > AMD
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-09 | CVE-2021-26356 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in AMD products A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure. | 7.4 |
| 2023-05-09 | CVE-2021-26365 | Out-of-bounds Read vulnerability in AMD products Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory contents. | 8.2 |
| 2023-05-09 | CVE-2021-26371 | Unspecified vulnerability in AMD products A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure. | 5.5 |
| 2023-05-09 | CVE-2021-26379 | Unspecified vulnerability in AMD products Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege escalation. | 9.8 |
| 2023-05-09 | CVE-2021-26397 | Unspecified vulnerability in AMD products Insufficient address validation, may allow an attacker with a compromised ABL and UApp to corrupt sensitive memory locations potentially resulting in a loss of integrity or availability. | 7.1 |
| 2023-05-09 | CVE-2021-26406 | Unspecified vulnerability in AMD products Insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application can lead to a host crash potentially resulting in denial of service. | 7.5 |
| 2023-05-09 | CVE-2021-46749 | Out-of-bounds Read vulnerability in AMD products Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service. | 7.5 |
| 2023-05-09 | CVE-2021-46753 | Unspecified vulnerability in AMD products Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and integrity. | 9.1 |
| 2023-05-09 | CVE-2021-46762 | Improper Input Validation vulnerability in AMD products Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leading to a loss of integrity or denial of service. | 9.1 |
| 2023-05-09 | CVE-2021-46763 | Out-of-bounds Write vulnerability in AMD products Insufficient input validation in the SMU may enable a privileged attacker to write beyond the intended bounds of a shared memory buffer potentially leading to a loss of integrity. | 7.5 |