Amd 3015ce Firmware

amd_3015ce_firmware

Vendor: Amd • 8 CVEs

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-20521 1Amd 93Amd 3015ce Firmware Amd 3015e FirmwareAthlon Gold 3150g Firmware+90 more Nov 21, 2024 Nov 14, 2023 N/A· v4 5.7 MEDIUM· v3 N/A· v2 TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
CVE-2021-26371 1Amd 128Amd 3015ce Firmware Amd 3015e FirmwareEpyc 7001 Firmware+125 more Jan 28, 2025 May 9, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure.
CVE-2021-26365 1Amd 54Amd 3015ce Firmware Amd 3015e FirmwareRyzen 3 2200g Firmware+51 more Jan 28, 2025 May 9, 2023 N/A· v4 8.2 HIGH· v3 N/A· v2 Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory contents...Show more Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory contents. Show less
CVE-2021-26354 1Amd 152Amd 3015ce Firmware Amd 3015e FirmwareEpyc 7002 Firmware+149 more Jan 28, 2025 May 9, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity.
CVE-2021-26393 1Amd 67Amd 3015ce Firmware Amd 3015e FirmwareAmd 3020e Firmware+64 more Nov 21, 2024 Nov 9, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of t...Show more Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.Show less
CVE-2021-26392 1Amd 103Amd 3015ce Firmware Amd 3015e FirmwareAmd 3020e Firmware+100 more Nov 21, 2024 Nov 9, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.
CVE-2020-12931 1Amd 101Amd 3015ce Firmware Amd 3015e FirmwareAmd 3020e Firmware+98 more Nov 21, 2024 Nov 9, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.
CVE-2020-12930 1Amd 103Amd 3015ce Firmware Amd 3015e FirmwareAmd 3020e Firmware+100 more Nov 21, 2024 Nov 9, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.