Amd

Ryzen 3500x Firmware

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.4

CVE-2023-20594

  • EPSS 0.05%
  • Veröffentlicht 20.09.2023 18:15:12
  • Zuletzt bearbeitet 27.06.2025 22:15:23

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.

5.5

CVE-2023-20597

  • EPSS 0.08%
  • Veröffentlicht 20.09.2023 18:15:12
  • Zuletzt bearbeitet 27.06.2025 22:15:25

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.

9.1

CVE-2021-46754

  • EPSS 0.17%
  • Veröffentlicht 09.05.2023 20:15:12
  • Zuletzt bearbeitet 21.11.2024 06:34:38

Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit) resulting in a potential ...

7.5

CVE-2021-46755

  • EPSS 0.16%
  • Veröffentlicht 09.05.2023 20:15:12
  • Zuletzt bearbeitet 28.01.2025 16:15:31

Failure to unmap certain SysHub mappings in error paths of the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a potential denial of service.

6.1

CVE-2021-46759

  • EPSS 0.05%
  • Veröffentlicht 09.05.2023 20:15:12
  • Zuletzt bearbeitet 27.01.2025 18:15:28

Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of the ASP (AMD Secure Processor) bootloader accessibl...

7.5

CVE-2021-46765

  • EPSS 0.12%
  • Veröffentlicht 09.05.2023 20:15:12
  • Zuletzt bearbeitet 27.01.2025 18:15:29

Insufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-bounds memory reads within the ASP, potentially leading to a denial of service.

8.8

CVE-2021-46773

  • EPSS 0.16%
  • Veröffentlicht 09.05.2023 20:15:12
  • Zuletzt bearbeitet 28.01.2025 16:15:32

Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code execution.

5.9

CVE-2021-46792

  • EPSS 0.12%
  • Veröffentlicht 09.05.2023 20:15:12
  • Zuletzt bearbeitet 28.01.2025 16:15:33

Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial o...

7.5

CVE-2021-46794

  • EPSS 0.16%
  • Veröffentlicht 09.05.2023 20:15:12
  • Zuletzt bearbeitet 28.01.2025 16:15:33

Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service.

9.1

CVE-2021-46753

  • EPSS 0.18%
  • Veröffentlicht 09.05.2023 19:15:11
  • Zuletzt bearbeitet 28.01.2025 16:15:31

Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of ...