CVE-2023-20596
- EPSS 0.53%
- Published 14.11.2023 19:15:16
- Last modified 21.11.2024 07:41:11
Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution.
CVE-2023-20563
- EPSS 0.13%
- Published 14.11.2023 19:15:15
- Last modified 21.11.2024 07:41:07
Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.
CVE-2023-20565
- EPSS 0.13%
- Published 14.11.2023 19:15:15
- Last modified 21.11.2024 07:41:07
Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.
CVE-2023-20571
- EPSS 0.39%
- Published 14.11.2023 19:15:15
- Last modified 21.11.2024 07:41:09
A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation.
CVE-2021-46758
- EPSS 0.13%
- Published 14.11.2023 19:15:10
- Last modified 21.11.2024 06:34:39
Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity.
CVE-2022-23820
- EPSS 0.18%
- Published 14.11.2023 19:15:10
- Last modified 21.11.2024 06:49:18
Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.
CVE-2022-23821
- EPSS 0.34%
- Published 14.11.2023 19:15:10
- Last modified 21.11.2024 06:49:18
Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.