Amd

Athlon Gold 3150g Firmware

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.2

CVE-2022-23815

  • EPSS 0.06%
  • Veröffentlicht 13.08.2024 17:15:18
  • Zuletzt bearbeitet 18.03.2025 21:15:23

Improper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, corrupting the APCB entry, potentially leading to arbitrary code execution.

6

CVE-2021-26367

  • EPSS 0.04%
  • Veröffentlicht 13.08.2024 17:15:17
  • Zuletzt bearbeitet 12.12.2024 20:41:56

A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability.

5.7

CVE-2023-20521

  • EPSS 0.04%
  • Veröffentlicht 14.11.2023 19:15:15
  • Zuletzt bearbeitet 21.11.2024 07:41:04

TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.

7.8

CVE-2023-20555

  • EPSS 0.05%
  • Veröffentlicht 08.08.2023 18:15:11
  • Zuletzt bearbeitet 21.11.2024 07:41:06

Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM.

5.5

CVE-2023-20588

  • EPSS 6.11%
  • Veröffentlicht 08.08.2023 18:15:11
  • Zuletzt bearbeitet 21.11.2024 07:41:10

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. 

6.8

CVE-2023-20589

  • EPSS 0.08%
  • Veröffentlicht 08.08.2023 18:15:11
  • Zuletzt bearbeitet 21.11.2024 07:41:10

An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.  ...

9.1

CVE-2021-46754

  • EPSS 0.17%
  • Veröffentlicht 09.05.2023 20:15:12
  • Zuletzt bearbeitet 21.11.2024 06:34:38

Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit) resulting in a potential ...

6.1

CVE-2021-46759

  • EPSS 0.05%
  • Veröffentlicht 09.05.2023 20:15:12
  • Zuletzt bearbeitet 27.01.2025 18:15:28

Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of the ASP (AMD Secure Processor) bootloader accessibl...

5.9

CVE-2021-46792

  • EPSS 0.12%
  • Veröffentlicht 09.05.2023 20:15:12
  • Zuletzt bearbeitet 28.01.2025 16:15:33

Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial o...

7.5

CVE-2021-46794

  • EPSS 0.16%
  • Veröffentlicht 09.05.2023 20:15:12
  • Zuletzt bearbeitet 28.01.2025 16:15:33

Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service.