ryzen_3950x_firmware

amd / ryzen_6600h_firmware+177

CVE-2021-46753

CRITICAL9.1

Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and integrity.

amd / ryzen_6600h_firmware+107

CVE-2021-46773

HIGH8.8

Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code execution.

CVE-2021-46755

amd / ryzen_5500_firmware+45

Failure to unmap certain SysHub mappings in error paths of the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a potential denial of service.

CVE-2021-46794

amd / ryzen_5300g_firmware+167

Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service.

CVE-2021-46749

amd / ryzen_5300g_firmware+167

Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service.

CVE-2021-46765

amd / ryzen_6600h_firmware+77

Insufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-bounds memory reads within the ASP, potentially leading to a denial of service.

amd / ryzen_5300g_firmware+188

CVE-2021-46759

MEDIUM6.1

Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of the ASP (AMD Secure Processor) bootloader accessible memory to a serial port, resulting in a potential loss of integrity.

Physical

amd / ryzen_5300g_firmware+98

CVE-2021-46792

MEDIUM5.9

Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service.