Show filters
32 Total Results
Displaying 21-30 of 32
Sort by:
Attacker Value
Unknown

CVE-2021-26386

Disclosure Date: May 10, 2022 (last updated October 07, 2023)
A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution.
Attacker Value
Unknown

CVE-2021-26361

Disclosure Date: May 10, 2022 (last updated October 07, 2023)
A malicious or compromised User Application (UApp) or AGESA Boot Loader (ABL) could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure.
Attacker Value
Unknown

CVE-2021-26384

Disclosure Date: May 10, 2022 (last updated October 07, 2023)
A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources.
Attacker Value
Unknown

CVE-2021-26366

Disclosure Date: May 10, 2022 (last updated October 07, 2023)
An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity.
Attacker Value
Unknown

CVE-2021-26339

Disclosure Date: May 10, 2022 (last updated October 07, 2023)
A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by compilers.
Attacker Value
Unknown

CVE-2021-26369

Disclosure Date: May 10, 2022 (last updated October 07, 2023)
A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses.
Attacker Value
Unknown

CVE-2021-26317

Disclosure Date: May 10, 2022 (last updated October 07, 2023)
Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution.
Attacker Value
Unknown

CVE-2021-26368

Disclosure Date: May 10, 2022 (last updated October 07, 2023)
Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in a denial of service.
Attacker Value
Unknown

CVE-2021-26373

Disclosure Date: May 10, 2022 (last updated October 07, 2023)
Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service.
Attacker Value
Unknown

CVE-2021-26388

Disclosure Date: May 10, 2022 (last updated October 07, 2023)
Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service.