CVE ID | Published | Description | Score | Severity |
---|---|---|---|---|
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. | 5.5 |
Medium |
||
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. | 4.4 |
Medium |
||
A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information. | 4.7 |
Medium |
||
Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code execution. | 8.8 |
High |
||
Insufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-bounds memory reads within the ASP, potentially leading to a denial of service. | 7.5 |
High |
||
Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and integrity. | 9.1 |
Critical |