CVE-2023-0161
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
Source: CVE-2023-0161
[월:] 2023년 01월
CVE-2023-20525
CVE-2023-20525
Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service.
Source: CVE-2023-20525
CVE-2022-23814
CVE-2022-23814
Failure to validate addresses provided by software to BIOS commands may result in a potential loss of integrity of guest memory in a confidential compute environment.
Source: CVE-2022-23814
CVE-2022-23813
CVE-2022-23813
The software interfaces to ASP and SMU may not enforce the SNP memory security policy resulting in a potential loss of integrity of guest memory in a confidential compute environment.
Source: CVE-2022-23813
CVE-2021-46795
CVE-2021-46795
A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of service.
Source: CVE-2021-46795
CVE-2021-46791
CVE-2021-46791
Insufficient input validation during parsing of the System Management Mode (SMM) binary may allow a maliciously crafted SMM executable binary to corrupt Dynamic Root of Trust for Measurement (DRTM) user application memory that may result in a potential denial of service.
Source: CVE-2021-46791
CVE-2021-46779
CVE-2021-46779
Insufficient input validation in SVC_ECC_PRIMITIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential loss of integrity and availability.
Source: CVE-2021-46779
CVE-2021-46768
CVE-2021-46768
Insufficient input validation in SEV firmware may allow an attacker to perform out-of-bounds memory reads within the ASP boot loader, potentially leading to a denial of service.
Source: CVE-2021-46768
CVE-2021-46767
CVE-2021-46767
Insufficient input validation in the ASP may allow an attacker with physical access, unauthorized write access to memory potentially leading to a loss of integrity or denial of service.
Source: CVE-2021-46767
CVE-2023-20530
CVE-2023-20530
Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service.
Source: CVE-2023-20530