Search
Search Results (11 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-29277 | 2 Amd, Intel | 78 Genoa, Genoa Firmware, Hygon 1 and 75 more | 2025-04-30 | 8.8 High |
| Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses. Fixed in: INTEL Purley-R: 05.21.51.0048 Whitley: 05.42.23.0066 Cedar Island: 05.42.11.0021 Eagle Stream: 05.44.25.0052 Greenlow/Greenlow-R(skylake/kabylake): Trunk Mehlow/Mehlow-R (CoffeeLake-S): Trunk Tatlow (RKL-S): Trunk Denverton: 05.10.12.0042 Snow Ridge: Trunk Graneville DE: 05.05.15.0038 Grangeville DE NS: 05.27.26.0023 Bakerville: 05.21.51.0026 Idaville: 05.44.27.0030 Whiskey Lake: Trunk Comet Lake-S: Trunk Tiger Lake H/UP3: 05.43.12.0052 Alder Lake: 05.44.23.0047 Gemini Lake: Not Affected Apollo Lake: Not Affected Elkhart Lake: 05.44.30.0018 AMD ROME: trunk MILAN: 05.36.10.0017 GENOA: 05.52.25.0006 Snowy Owl: Trunk R1000: 05.32.50.0018 R2000: 05.44.30.0005 V2000: Trunk V3000: 05.44.30.0007 Ryzen 5000: 05.44.30.0004 Embedded ROME: Trunk Embedded MILAN: Trunk Hygon Hygon #1/#2: 05.36.26.0016 Hygon #3: 05.44.26.0007 https://www.insyde.com/security-pledge/SA-2022060 | ||||
| CVE-2022-23814 | 1 Amd | 2 Milanpi-sp3, Milanpi-sp3 Firmware | 2025-04-09 | 5.3 Medium |
| Failure to validate addresses provided by software to BIOS commands may result in a potential loss of integrity of guest memory in a confidential compute environment. | ||||
| CVE-2022-23813 | 1 Amd | 4 Milanpi-sp3, Milanpi-sp3 Firmware, Romepi and 1 more | 2025-04-09 | 5.3 Medium |
| The software interfaces to ASP and SMU may not enforce the SNP memory security policy resulting in a potential loss of integrity of guest memory in a confidential compute environment. | ||||
| CVE-2021-46791 | 1 Amd | 2 Milanpi, Milanpi Firmware | 2025-04-09 | 5.5 Medium |
| Insufficient input validation during parsing of the System Management Mode (SMM) binary may allow a maliciously crafted SMM executable binary to corrupt Dynamic Root of Trust for Measurement (DRTM) user application memory that may result in a potential denial of service. | ||||
| CVE-2021-46779 | 1 Amd | 6 Milanpi, Milanpi Firmware, Naplespi and 3 more | 2025-04-09 | 7.1 High |
| Insufficient input validation in SVC_ECC_PRIMITIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential loss of integrity and availability. | ||||
| CVE-2021-46768 | 1 Amd | 4 Milanpi, Milanpi Firmware, Romepi and 1 more | 2025-04-09 | 5.5 Medium |
| Insufficient input validation in SEV firmware may allow an attacker to perform out-of-bounds memory reads within the ASP boot loader, potentially leading to a denial of service. | ||||
| CVE-2021-46767 | 1 Amd | 4 Milanpi, Milanpi Firmware, Romepi and 1 more | 2025-04-09 | 6.1 Medium |
| Insufficient input validation in the ASP may allow an attacker with physical access, unauthorized write access to memory potentially leading to a loss of integrity or denial of service. | ||||
| CVE-2021-26409 | 1 Amd | 2 Milanpi, Milanpi Firmware | 2025-04-09 | 7.8 High |
| Insufficient bounds checking in SEV-ES may allow an attacker to corrupt Reverse Map table (RMP) memory, potentially resulting in a loss of SNP (Secure Nested Paging) memory integrity. | ||||
| CVE-2023-20522 | 1 Amd | 4 Milanpi, Milanpi Firmware, Romepi and 1 more | 2025-04-07 | 7.5 High |
| Insufficient input validation in ASP may allow an attacker with a malicious BIOS to potentially cause a denial of service. | ||||
| CVE-2021-26344 | 1 Amd | 141 Epyc 7001, Epyc 7001 Firmware, Epyc 7203 and 138 more | 2025-03-18 | 7.2 High |
| An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BIOS image, and the ability to sign the resulting image, to potentially modify the APCB block resulting in arbitrary code execution. | ||||
| CVE-2023-20519 | 1 Amd | 4 Genoapi, Genoapi Firmware, Milanpi and 1 more | 2024-11-21 | 3.3 Low |
| A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity. | ||||
Page 1 of 1.