Description
Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Affected products
- AMD / AMD Athlon™ 3000 Series Desktop Processors with Radeon™ GraphicsComboAM4V2 1.2.0.A – ComboAM4V2 1.2.0.A
- AMD / AMD Athlon™ 3000 Series Desktop Processors with Radeon™ GraphicsComboAM4V1 1.0.0.A – ComboAM4V1 1.0.0.A
- AMD / AMD Athlon™ 3000 Series Mobile Processors with Radeon™ GraphicsPollockPI-FT5 1.0.0.5 – PollockPI-FT5 1.0.0.5
- AMD / AMD Athlon™ 3000 Series Mobile Processors with Radeon™ GraphicsPicassoPI-FP5 1.0.0.F – PicassoPI-FP5 1.0.0.F
- AMD / AMD EPYC™ 9004 Series ProcessorsGenoaPI 1.0.0.4 – GenoaPI 1.0.0.4
- AMD / AMD Ryzen™ 3000 Series Desktop ProcessorsComboAM4V2 1.2.0.A – ComboAM4V2 1.2.0.A
- AMD / AMD Ryzen™ 3000 Series Desktop ProcessorsComboAM4V1 1.0.0.A – ComboAM4V1 1.0.0.A
- AMD / AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ GraphicsPicassoPI-FP5 1.0.0.F – PicassoPI-FP5 1.0.0.F
- AMD / AMD Ryzen™ 3000 Series Processors with Radeon™ GraphicsCezannePI-FP6 1.0.0.E – CezannePI-FP6 1.0.0.E
- AMD / AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ GraphicsComboAM4V2 1.2.0.A – ComboAM4V2 1.2.0.A
- AMD / AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ GraphicsRenoirPI-FP6 1.0.0.C – RenoirPI-FP6 1.0.0.C
- AMD / AMD Ryzen™ 5000 Series Desktop ProcessorsComboAM4V2 1.2.0.A – ComboAM4V2 1.2.0.A
- AMD / AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ GraphicsComboAM4V2 1.2.0.A – ComboAM4V2 1.2.0.A
- AMD / AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsCezannePI-FP6 1.0.0.E – CezannePI-FP6 1.0.0.E
- AMD / AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsCezannePI-FP6 1.0.0.E – CezannePI-FP6 1.0.0.E
- AMD / AMD Ryzen™ 5000 Series Processors with Radeon™ GraphicsCezannePI-FP6 1.0.0.E – CezannePI-FP6 1.0.0.E
- AMD / AMD Ryzen™ 6000 Series Processors with Radeon™ GraphicsRembrandtPI-FP7 1.0.0.8 – RembrandtPI-FP7 1.0.0.8
- AMD / AMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5 1.0.0.6 – ComboAM5 1.0.0.6
- AMD / AMD Ryzen™ 7020 Series Processors with Radeon™ GraphicsMendocinoPI-FT6 1.0.0.4 – MendocinoPI-FT6 1.0.0.4
- AMD / AMD Ryzen™ 7035 Series Processors with Radeon™ GraphicsRembrandtPI-FP7 1.0.0.8 – RembrandtPI-FP7 1.0.0.8
- AMD / AMD Ryzen™ Embedded 5000 Series ProcessorsEmbAM4PI 1.0.0.3 – EmbAM4PI 1.0.0.3
- AMD / AMD Ryzen™ Embedded 7000 Series ProcessorsEmbeddedAM5PI 1.0.0.0 – EmbeddedAM5PI 1.0.0.0
- AMD / AMD Ryzen™ Embedded R1000 Series ProcessorsEmbeddedPI-FP5 1.2.0.A – EmbeddedPI-FP5 1.2.0.A
- AMD / AMD Ryzen™ Embedded R2000 Series ProcessorsEmbeddedR2KPI-FP5 1.0.0.2 – EmbeddedR2KPI-FP5 1.0.0.2
- AMD / AMD Ryzen™ Embedded V1000 Series Processorsvarious – various
- AMD / AMD Ryzen™ Embedded V2000 Series ProcessorsEmbeddedPI-FP6 1.0.0.8 – EmbeddedPI-FP6 1.0.0.8
- AMD / AMD Ryzen™ Embedded V3000 Series ProcessorsEmbeddedPI-FP7r2 1.0.0.5 – EmbeddedPI-FP7r2 1.0.0.5
- AMD / AMD Ryzen™ Threadripper™ 3000 Series ProcessorsCastlePeakPI-SP3r3 1.0.0.9 – CastlePeakPI-SP3r3 1.0.0.9
- AMD / AMD Ryzen™ Threadripper™ PRO 3000WX Series ProcessorsChagallWSPI-sWRX8 1.0.0.6 – ChagallWSPI-sWRX8 1.0.0.6
- AMD / AMD Ryzen™ Threadripper™ PRO 3000WX Series ProcessorsCastlePeakWSPI-sWRX8 1.0.0.B – CastlePeakWSPI-sWRX8 1.0.0.B
- AMD / AMD Ryzen™ Threadripper™ PRO 5000WX ProcessorsChagallWSPI-sWRX8 1.0.0.6 – ChagallWSPI-sWRX8 1.0.0.6