Description
Insufficient parameter sanitization in AMD Secure Processor (ASP) Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code execution.
CVSS breakdown
CVSS 4.0
Attack Vector
Physical
Attack Complexity
High
Attack Requirements
None
Privileges Required
High
User Interaction
Passive
Confidentiality (Vulnerable System)
High
Integrity (Vulnerable System)
High
Availability (Vulnerable System)
High
Confidentiality (Subsequent System)
None
Integrity (Subsequent System)
None
Availability (Subsequent System)
None
Affected products
- AMD / AMD Ryzen™ 4000 Series Desktop ProcessorsRenoirPI-FP6_1.0.0.Ec – RenoirPI-FP6_1.0.0.Ec
- AMD / AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ GraphicsRenoirPI-FP6 1.0.0.Ed – RenoirPI-FP6 1.0.0.Ed
- AMD / AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ GraphicsComboAM4v2PI_1.2.0.11 – ComboAM4v2PI_1.2.0.11
- AMD / AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsCezannePI-FP6_1.0.1.1c – CezannePI-FP6_1.0.1.1c
- AMD / AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ GraphicsCezannePI-FP6_1.0.1.1c – CezannePI-FP6_1.0.1.1c
- AMD / AMD Ryzen™ Embedded V2000 Series ProcessorsEmbeddedPI-FP6_1.0.0.D – EmbeddedPI-FP6_1.0.0.D