amd AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics - 9 CVEs, 3 Versions

CVE-2024-21981

Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity.

MEDIUM Aug 13, 2024

CVE-2023-20518

Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.

LOW Aug 13, 2024

CVE-2022-23817

Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space, potentially leading to privilege escalation.

HIGH Aug 13, 2024

CVE-2022-23815

Improper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, corrupting the APCB entry, potentially leading to arbitrary code execution.

HIGH Aug 13, 2024

CVE-2021-46772

Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in memory corruption or denial of service.

LOW Aug 13, 2024

CVE-2021-46746

Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing keys to c006Frrupt the return address, causing a stack-based buffer overrun, potentially leading to a denial of service.

MEDIUM Aug 13, 2024

AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics

Versions

PicassoPI-FP5 1.0.0.F

various

PicassoPI-FP5 1.0.0.E

Recent CVEs

CVE-2024-21981

CVE-2023-20518

CVE-2022-23817

CVE-2022-23815

CVE-2021-46772

CVE-2021-46746

CVE-2021-26387

CVE-2021-26367

CVE-2023-31315