Description
Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of the ASP (AMD Secure Processor) bootloader accessible memory to a serial port, resulting in a potential loss of integrity.
CVSS breakdown
CVSS 3.1
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
Affected products
- AMD / Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULPvarious – various
- AMD / Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”various – various
- AMD / Ryzen™ 2000 series Desktop Processors “Raven Ridge” AM4various – various
- AMD / Ryzen™ 2000 Series Mobile Processors “Raven Ridge” FP5various – various
- AMD / Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso”various – various
- AMD / Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir”various – various
- AMD / Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne” AM4various – various
- AMD / Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”various – various
- AMD / Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”various – various