Amd Athlon™ Series
27 CVEs affecting Amd Athlon™ Series. Latest disclosed: 2022-07-14. Critical: 0, High: 10.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-26384 | High | 7.8 | 2022-07-14 | A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to ou… |
CVE-2021-26386 | High | 7.8 | 2022-05-12 | A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt mem… |
CVE-2021-26317 | High | 7.8 | 2022-05-12 | Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution. |
CVE-2021-26369 | High | 7.8 | 2022-05-12 | A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses. |
CVE-2021-26335 | High | 7.8 | 2021-11-16 | Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to use attacker-controlled values prior to s… |
CVE-2020-12944 | High | 7.8 | 2021-11-16 | Insufficient validation of BIOS image length by ASP Firmware could lead to arbitrary code execution. |
CVE-2021-26366 | High | 7.1 | 2022-05-12 | An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity. |
CVE-2021-26362 | High | 7.1 | 2022-05-12 | A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call which results in mapping sensitive System Management Network… |
CVE-2020-12946 | High | 7.1 | 2021-11-16 | Insufficient input validation in ASP firmware for discrete TPM commands could allow a potential loss of integrity and denial of service. |
CVE-2020-12951 | High | 7.0 | 2021-11-16 | Race condition in ASP firmware could allow less privileged x86 code to perform ASP SMM (System Management Mode) operations. |
CVE-2021-26390 | Medium | 6.2 | 2022-05-10 | A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory potentially leading to loss of integrity of data. |
CVE-2021-26361 | Medium | 5.5 | 2022-05-12 | A malicious or compromised User Application (UApp) or AGESA Boot Loader (ABL) could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2… |
CVE-2021-26351 | Medium | 5.5 | 2022-05-12 | Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that co… |
CVE-2021-26388 | Medium | 5.5 | 2022-05-11 | Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, result… |
CVE-2021-26378 | Medium | 5.5 | 2022-05-11 | Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service. |
CVE-2021-26376 | Medium | 5.5 | 2022-05-11 | Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial… |
CVE-2021-26375 | Medium | 5.5 | 2022-05-11 | Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could resul… |
CVE-2021-26373 | Medium | 5.5 | 2022-05-11 | Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possib… |
CVE-2021-26372 | Medium | 5.5 | 2022-05-11 | Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of s… |
CVE-2021-26339 | Medium | 5.5 | 2022-05-11 | A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denia… |