Version various
OTHER
3 CVEs
Known Vulnerabilities
CVE-2022-23821
Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.
UNKNOWN
Published Nov 14, 2023
CVE-2023-20521
TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
LOW
CVSS 3.3
Published Nov 14, 2023
CVE-2023-20555
Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM.
UNKNOWN
Published Aug 08, 2023