Description
Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and integrity.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
Affected products
- AMD / Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULPvarious – various
- AMD / Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”various – various
- AMD / Ryzen™ 2000 series Desktop Processors “Raven Ridge” AM4various – various
- AMD / Ryzen™ 2000 Series Mobile Processors “Raven Ridge” FP5various – various
- AMD / Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso”various – various
- AMD / Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir”various – various
- AMD / Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne” AM4various – various
- AMD / Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”various – various
- AMD / Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”various – various
- AMD / Ryzen™ 6000 Series Mobile Processors "Rembrandt"various – various